[1074] in linux-security and linux-alert archive
Re: [linux-security] syn floods
daemon@ATHENA.MIT.EDU (thought)
Mon Aug 26 07:23:41 1996
From: thought <route@infonexus.com>
To: kit@connectnet.com (Kit Knox)
Date: Sun, 25 Aug 1996 11:12:39 -0700 (PDT)
Cc: linux-security@tarsier.cv.nrao.edu, poodge@econ.Berkeley.EDU
In-Reply-To: <Pine.LNX.3.95.960825085823.103A-100000@irc.connectnet.com> from "Kit Knox" at Aug 25, 96 09:04:29 am
Kit Knox's thoughts were:

| I haven't seen cases of kernel crashes, just the listen() buffer is filled
| up until the SYN's time out.

I have. On 1.2.13 kernels (and prolly anything before-- dunno
about 2.0.x) you can flood a host with 10 forged connection
requests on every listening TCP port. This will in effect stop
all TCP based network connectivity. The new issue of Phrack
(due out by Monday) will have a complete discussion of this.

| Here is a script that I wrote to help combat syn floods. It requires the
| use of snuke which spoofs ICMP_DEST_UNREACH in order to allow for the
| fixing of syn floods on virtual interfaces and the such.

Hmmm... Interesting...

--
[ route@infonexus.com ] Editor, Phrack Magazine / Guild Corporation Chair
the greatest trick the devil ever pulled was
convincing the world he didn't exist
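
Added example, not part of the original message and not the script Kit Knox refers to: a defender-side check that counts half-open (SYN_RECV) sockets per listening port from text in Linux `/proc/net/tcp` layout, which is how a filled listen() queue shows up on the host. The default threshold of 10 echoes the figure in the post; the function names, sample rows and addresses are constructed for this example, and a little-endian host is assumed.

```python
import socket
from collections import Counter, defaultdict

LISTEN, SYN_RECV = "0A", "03"  # state codes used in /proc/net/tcp

def parse(text):
    """Yield (local_port, remote_ip, state) for each socket row."""
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) < 4:
            continue
        local, remote, state = f[1], f[2], f[3]
        port = int(local.split(":")[1], 16)
        # Assumption: little-endian host, so the IPv4 hex is byte-reversed.
        ip = socket.inet_ntoa(bytes.fromhex(remote.split(":")[0])[::-1])
        yield port, ip, state

def half_open_report(text, threshold=10):
    """Return {port: (half_open_count, distinct_sources)} for listening ports
    whose SYN_RECV count is at or above threshold."""
    listening, count, sources = set(), Counter(), defaultdict(set)
    for port, ip, state in parse(text):
        if state == LISTEN:
            listening.add(port)
        elif state == SYN_RECV:
            count[port] += 1
            sources[port].add(ip)
    return {p: (n, len(sources[p])) for p, n in count.items()
            if p in listening and n >= threshold}

def make_sample():
    """Constructed sample in /proc/net/tcp layout (not from a real host)."""
    rows = ["  sl  local_address rem_address   st"]
    def row(lport, rip_hex, rport, st):
        rows.append(f"{len(rows) - 1:4d}: 0A00000A:{lport:04X} {rip_hex}:{rport:04X} {st}")
    row(25, "00000000", 0, LISTEN)
    row(80, "00000000", 0, LISTEN)
    for i in range(12):                       # 12 half-open entries on port 25
        row(25, f"{i + 1:02X}0200C0", 40000 + i, SYN_RECV)   # 192.0.2.x
    for i in range(2):                        # 2 half-open entries on port 80
        row(80, f"{i + 1:02X}6433C6", 50000 + i, SYN_RECV)   # 198.51.100.x
    row(80, "0A00000A", 51000, "01")          # one ESTABLISHED connection
    return "\n".join(rows)

if __name__ == "__main__":
    for port, (n, srcs) in sorted(half_open_report(make_sample()).items()):
        print(f"port {port}: {n} half-open connections from {srcs} sources")
```

On a live host the same functions can be fed the contents of `/proc/net/tcp`; a high count spread over many distinct sources that never complete the handshake is the pattern to alert on.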