[3036] in RedHat Linux List


Re: how does linux defend against synchronous attack?

daemon@ATHENA.MIT.EDU (Michael K. Johnson)
Wed Nov 6 17:04:01 1996

To: redhat-list@redhat.com
From: "Michael K. Johnson" <johnsonm@redhat.com>
In-reply-to: Your message of "Wed, 06 Nov 1996 16:45:20 EST."
             <Pine.SOL.3.91.961106162936.10575D-100000@sun2.bnl.gov> 
Date: Wed, 06 Nov 1996 17:00:09 -0500
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com


jyan-min fang writes:
>guarded against. At that time, I kind of agreed with those
>opinions after reading the article, and now I am very amazed
>that linux has a solution to it. So, how does linux manage to
>work around this synchronous attack?

There are two approaches to defending against the SYN attack.
The simple approach works against one of the exploit programs
but not the other, and is understood and works fine.  It merely
limits the number of outstanding sockets in the SYN state from
any IP address, and that only when the buffer is relatively
full.  This is the defense that the article talks about.

Some exploits are more sophisticated; for those there is another
solution that isn't completely debugged last I heard.  I don't
know many details on that defense, so I won't talk about it here
and make a fool out of myself...

michaelkjohnson

"Ever wonder why the SAME PEOPLE make up ALL the conspiracy theories?"
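
The first defense described in the message above, a per-source cap on half-open connections that applies only once the SYN queue is relatively full, sketched as an added example. This is not kernel code and not part of the original message; the queue size, fullness threshold, per-source cap and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* All three values are constructed for illustration, not kernel defaults. */
#define BACKLOG     16  /* slots in the half-open (SYN received) queue */
#define PRESSURE_AT  8  /* "relatively full": cap applies from here on */
#define PER_SRC_MAX  2  /* half-open entries allowed per source IP under pressure */

struct syn_queue {
    uint32_t src[BACKLOG];  /* source IP of each half-open entry */
    int used;
};

/* Count half-open entries already held by this source address. */
static int count_from(const struct syn_queue *q, uint32_t ip)
{
    int n = 0;
    for (int i = 0; i < q->used; i++)
        if (q->src[i] == ip)
            n++;
    return n;
}

/* Returns 1 if the SYN gets a queue slot, 0 if it is dropped. */
int syn_admit(struct syn_queue *q, uint32_t ip)
{
    if (q->used >= BACKLOG)
        return 0;  /* queue exhausted: nobody gets in */
    if (q->used >= PRESSURE_AT && count_from(q, ip) >= PER_SRC_MAX)
        return 0;  /* per-source cap, enforced only under pressure */
    q->src[q->used++] = ip;
    return 1;
}

/* One source sends n SYNs and never completes a handshake. */
int syn_burst(struct syn_queue *q, uint32_t ip, int n)
{
    int admitted = 0;
    while (n-- > 0)
        admitted += syn_admit(q, ip);
    return admitted;
}

int main(void)
{
    struct syn_queue q = {0};
    printf("noisy source queued: %d of 100\n", syn_burst(&q, 0x0a000001u, 100));
    printf("other client queued: %d\n", syn_admit(&q, 0x0a000002u));
    return 0;
}
```

With these constructed values the single noisy source is held to the 8 entries it took before the queue came under pressure, and the remaining slots stay available to other addresses.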


