[3089] in RedHat Linux List


Re: how does linux defend against synchronous attack?

daemon@ATHENA.MIT.EDU (Daniel Senie)
Wed Nov 6 23:19:40 1996

Date: Wed, 6 Nov 1996 23:17:30 -0500 (EST)
From: Daniel Senie <dts@senie.com>
To: jyan-min fang <fang@sun2.bnl.gov>
cc: redhat-list@redhat.com
In-Reply-To: <Pine.SOL.3.91.961106162936.10575D-100000@sun2.bnl.gov>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

On Wed, 6 Nov 1996, jyan-min fang wrote:

> Hi,
> 
> In that infamous pcweek article, the author mentioned that
> linux is the only OS which can somehow defend the synchronous
> attack. I remembered, in an article in NYTimes a few months ago,
> that one of the NYC ISPs (panix I believed) were brought down
> completely by the synchronous attack and it said some experts
> believed the synchronous attack is intrinsic and can't be
> guarded against. At that time, I kind of agreed with those
> opinions after reading the article, and now I am very amazed
> that linux has a solution to it. So, how does linux manage to
> work around this synchronous attack?

It is possible to guard against SYN attacks, such as the one lodged
against PANIX. The catch is that the place where the attacks need to be
stopped is at the source. Filtering capabilities present in leading
routers are capable of ensuring users are unable to use bogus IP addresses
as the source address on packets (the case with the Panix attack).

There are two draft RFCs that discuss this issue, one from Proteon (mine)
and one from Cisco. Reading either or both will explain the methods that
all Internet Providers and network administrators should take to ensure
their sites and users are NOT the source of these attacks.

At the server end, the BSDI folks and others have released patches to
their kernels to greatly expand the incoming connection queue while at
the same time limit the resources consumed by partially open TCP
connections.

The combination of the server enhancements and the use of filtering router
setups form the response to this threat.

Dan Senie
Proteon Engineering


--
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
  ________________________________________________________________________
  http://www.redhat.com/RedHat-FAQ   http://www.redhat.com/RedHat-Errata
  http://www.redhat.com/RedHat-Tips  http://www.redhat.com/mailing-lists
  ------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
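
Added example, not part of the original message: a minimal sketch of the source-address filtering described in the reply, in which a provider's edge accepts a packet from a customer port only if its source address lies in a prefix assigned to that port. The port names, prefixes and packets are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample data: prefixes the provider has assigned to each customer port.
ASSIGNED = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["198.51.100.0/24", "203.0.113.64/26"],
}

def build_table(assigned):
    """Parse prefix strings once so per-packet checks are cheap."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def permit(table, port, src):
    """True only if src belongs to a prefix assigned to the ingress port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: drop
    return any(addr in net for net in table.get(port, []))

def filter_packets(table, packets):
    """Split packets into forwarded ones and a per-port count of drops."""
    forwarded, dropped = [], Counter()
    for port, src, dst in packets:
        if permit(table, port, src):
            forwarded.append((port, src, dst))
        else:
            dropped[port] += 1
    return forwarded, dropped

# Constructed packets as (ingress port, source address, destination address).
PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),    # legitimate
    ("cust-a", "10.1.2.3", "203.0.113.5"),      # source not assigned to cust-a
    ("cust-a", "192.0.2.200", "203.0.113.5"),   # outside the /25
    ("cust-b", "203.0.113.70", "192.0.2.10"),   # legitimate, second prefix
    ("cust-b", "192.0.2.10", "203.0.113.5"),    # cust-a's address on cust-b's port
    ("unknown", "198.51.100.1", "192.0.2.10"),  # port with no assignment
]

if __name__ == "__main__":
    table = build_table(ASSIGNED)
    forwarded, dropped = filter_packets(table, PACKETS)
    for pkt in forwarded:
        print("forward", pkt)
    for port, n in sorted(dropped.items()):
        print(f"drop on {port}: {n} packet(s) with unassigned source")
```

The per-port drop counts are what an operator would watch: a customer port that keeps producing unassigned source addresses is either misconfigured or originating spoofed traffic.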

