|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
From: Otto Hammersmith <ohammers@cu-online.com> To: redhat-list@redhat.com Date: Wed, 6 Nov 1996 16:06:32 -0600 (CST) In-Reply-To: <199611062200.RAA29422@tristan.redhat.com> from "Michael K. Johnson" at Nov 6, 96 05:00:09 pm Resent-From: redhat-list@redhat.com Reply-To: redhat-list@redhat.com Michael K. Johnson wrote: > > > jyan-min fang writes: > >guarded against. At that time, I kind of agreed with those > >opinions after reading the article, and now I am very amazed > >that linux has a soultion to it. So, how does linux manage to > >work around this synchronous attack? > > There are two approaches to defending against the SYN attack. > The simple approach works against one of the exploit programs > but not the other, and is understood and works fine. It merely > limits the number of outstanding sockets in the SYN state from > any IP address, and that only when the buffer is relatively > full. This is the defense that the article talks about. > > Some exploits are more sophisticated; for those there is another > solution that isn't completely debugged last I heard. I don't > know many details on that defense, so I won't talk about it here > and make a fool out of myself... Gee, and I thought the solution was to use IPv6. (the kernel supports it now, right?) :) -- -Otto -- PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! ________________________________________________________________________ http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-Errata http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists ------------------------------------------------------------------------ To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |