[1080] in linux-security and linux-alert archive


Re: [linux-security] syn floods

daemon@ATHENA.MIT.EDU (thought)
Mon Aug 26 07:31:06 1996

From: thought <route@infonexus.com>
To: kit@connectnet.com (Kit Knox)
Date: Sun, 25 Aug 1996 11:35:16 -0700 (PDT)
Cc: poodge@econ.Berkeley.EDU, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.95.960825085823.103A-100000@irc.connectnet.com> from "Kit Knox" at Aug 25, 96 09:04:29 am

Kit Knox's thoughts were:

| 
| Here is a script that I wrote to help combat syn floods.  It requires the
| use of snuke which spoofs ICMP_DEST_UNREACH in order to allow for the
| fixing of syn floods on virtual interfaces and the such.
| 
| (I apologize, it's a perl script, but it works..)
| 

	If the IP addresses are forged (which they will be), this program
	will do no good...

[REW: Moreover, it will bomb long-latency web browsers.
     time 
   (seconds)
       1   client -> server SYN
       2   server -> client SYN ACK
       3   client -> server ACK
       4   client -> server "GET / HTTP/1.0\n\r\n\r"
       5   server -> client "<html> <img src=img1> <img src=img2>,..."
       6   client -> server ACK packet.
       6.1 client -> server SYN (for img1)
       6.2 client -> server SYN (for img2)
       6.3 client -> server SYN (for img3)
       [ At this moment the script could trigger.]
       ....    
]

-- 
[ route@infonexus.com ]  Editor, Phrack Magazine / Guild Corporation Chair

	       the greatest trick the devil ever pulled was
		   convincing the world he didn't exist
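
The two objections in this message (forged source addresses, and a long-latency browser opening several connections at once), worked through as an added example that is not part of the original post and is not Kit Knox's script. The per-source SYN threshold is an assumption about how such a script might decide; the trace, addresses, ports, window and timeout are constructed.

```python
"""Added example: per-source SYN counting vs. aged half-open tracking."""
from collections import defaultdict

BROWSER = "198.51.100.7"  # constructed client address (documentation range)

# Constructed client->server packets: (time_s, src_ip, src_port, flags).
TRACE = [
    (1.0, BROWSER, 1025, "SYN"), (3.0, BROWSER, 1025, "ACK"),
    (6.1, BROWSER, 1026, "SYN"), (6.2, BROWSER, 1027, "SYN"),
    (6.3, BROWSER, 1028, "SYN"),
    (8.1, BROWSER, 1026, "ACK"), (8.2, BROWSER, 1027, "ACK"),
    (8.3, BROWSER, 1028, "ACK"),
]
# Flood with a different forged source per SYN; the handshake never completes.
TRACE += [(7.0 + i / 10, f"203.0.113.{i + 1}", 4000 + i, "SYN") for i in range(6)]
TRACE.sort()


def naive_flagged(trace, window=1.0, limit=3):
    """Sources that sent >= limit SYNs within any `window` seconds."""
    syn_times = defaultdict(list)
    for t, src, _port, flags in trace:
        if flags == "SYN":
            syn_times[src].append(t)
    flagged = set()
    for src, times in syn_times.items():
        for i in range(len(times) - limit + 1):
            if times[i + limit - 1] - times[i] <= window:
                flagged.add(src)
    return flagged


def stale_half_open(trace, now, timeout=5.0):
    """(src, port) pairs whose SYN is older than `timeout` with no final ACK."""
    pending = {}
    for t, src, port, flags in trace:
        if t > now:
            break
        if flags == "SYN":
            pending[(src, port)] = t
        elif flags == "ACK":
            pending.pop((src, port), None)
    return sorted(k for k, t0 in pending.items() if now - t0 > timeout)


if __name__ == "__main__":
    print("naive per-source flags:", naive_flagged(TRACE))
    print("stale half-open at t=20:", stale_half_open(TRACE, now=20.0))
```

The per-source count flags only the browser and none of the forged sources, while the aged half-open list contains only the flood's never-completed handshakes.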
