[1080] in linux-security and linux-alert archive
Re: [linux-security] syn floods
daemon@ATHENA.MIT.EDU (thought)
Mon Aug 26 07:31:06 1996
From: thought <route@infonexus.com>
To: kit@connectnet.com (Kit Knox)
Date: Sun, 25 Aug 1996 11:35:16 -0700 (PDT)
Cc: poodge@econ.Berkeley.EDU, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.95.960825085823.103A-100000@irc.connectnet.com> from "Kit Knox" at Aug 25, 96 09:04:29 am
Kit Knox's thoughts were:
|
| Here is a script that I wrote to help combat syn floods. It requires the
| use of snuke which spoofs ICMP_DEST_UNREACH in order to allow for the
| fixing of syn floods on virtual interfaces and the such.
|
| (I apologize, it's a perl script, but it works..)
|
If the IP addresses are forged (which they will be), this program
will do no good...
[REW: Moreover, it will bomb long-latency web browsers.
time (seconds)
1 client -> server SYN
2 server -> client SYN ACK
3 client -> server ACK
4 client -> server "GET / HTTP/1.0\n\r\n\r"
5 server -> client "<html> <img src=img1> <img src=img2>,..."
6 client -> server ACK packet.
6.1 client -> server SYN (for img1)
6.2 client -> server SYN (for img2)
6.3 client -> server SYN (for img3)
[ At this moment the script could trigger.]
....
]
--
[ route@infonexus.com ] Editor, Phrack Magazine / Guild Corporation Chair
the greatest trick the devil ever pulled was
convincing the world he didn't exist
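
Added example, not part of the original message and not Kit Knox's script (which this page does not show): it assumes the script acts on any source holding a threshold number of half-open connections, and runs that heuristic over the moderator's browser timeline and over a flood with forged sources. The addresses, ports, threshold of 3 and ACK times are constructed.

```python
from collections import Counter

THRESHOLD = 3  # assumed trip point: half-open connections held by one source

def half_open_by_source(events, now):
    """Count connections per source still awaiting the handshake ACK at `now`.

    events: (time, src, sport, kind); kind is "SYN" or "ACK" (completes handshake).
    """
    pending = set()
    for t, src, sport, kind in sorted(events):
        if t > now:
            break
        if kind == "SYN":
            pending.add((src, sport))
        else:  # "ACK": the connection leaves SYN_RECV
            pending.discard((src, sport))
    return Counter(src for src, _ in pending)

def flagged_sources(events, now, threshold=THRESHOLD):
    """Sources the per-source heuristic would act on at time `now`."""
    counts = half_open_by_source(events, now)
    return sorted(s for s, n in counts.items() if n >= threshold)

# Constructed: the moderator's browser timeline, 2 s from SYN to ACK.
BROWSER = [(1, "192.0.2.10", 1025, "SYN"), (3, "192.0.2.10", 1025, "ACK")]
for i, t in enumerate((6.1, 6.2, 6.3)):
    BROWSER += [(t, "192.0.2.10", 1026 + i, "SYN"),
                (t + 2, "192.0.2.10", 1026 + i, "ACK")]

# Constructed: 50 SYNs, each with a different forged source, never completed.
FLOOD = [(5 + i * 0.01, f"198.51.100.{i + 1}", 40000 + i, "SYN") for i in range(50)]

if __name__ == "__main__":
    print("browser flagged at t=7:", flagged_sources(BROWSER, 7.0))
    print("flood flagged at t=7:  ", flagged_sources(FLOOD, 7.0))
    print("flood half-open total: ", sum(half_open_by_source(FLOOD, 7.0).values()))
```

The legitimate browser is the only source flagged, while the flood fills the backlog without any single forged address reaching the threshold.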