[12933] in North American Network Operators' Group
Re: Syn flooding attacks
daemon@ATHENA.MIT.EDU (Jeffrey C. Ollie)
Mon Oct 20 14:14:02 1997
Date: Mon, 20 Oct 1997 12:49:20 -0500
From: "Jeffrey C. Ollie" <jeff@ollie.clive.ia.us>
To: nanog@merit.edu
Phil Howard wrote:
>
> The server can enlarge its table of pending connections and shorten its
> timeout on them. Currently I think this is on the order of 2 to 3 minutes
> and I think I can live with shortening it to 20 seconds, if I could get in
> the kernel to make that change (easy for Linux, FreeBSD, etc, but not for
> most commercial systems like Solaris, NT, etc).
On the latest Linux kernels (and perhaps on other free UNIXs) there is a
feature known as "SYN cookies". Basically this feature lets servers
eliminate the table of half open connections by carefully crafting the
ACK so that the next packet from the originating host has enough
information to fully open the connection. This was widely discussed on
nanog and other lists when SYN flooding attacks first became popular a
year or so ago. Check the archives for more information or check out
the Linux TCP code in the latest kernels.
Jeff
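
The idea described in the message above, as an added example that is not part of the original post and is not the Linux kernel's code: the server packs a time counter, an MSS index and a keyed MAC of the connection 4-tuple into the initial sequence number of its SYN-ACK, then rebuilds the connection state from the client's final ACK. The bit layout, `SECRET`, `MSS_TABLE`, the timing constants and the function names are assumptions for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # assumption: a real stack uses a random secret
MSS_TABLE = [216, 536, 768, 996, 1200, 1300, 1440, 1460]  # constructed; 3-bit index
TICK_SHIFT = 6   # counter advances every 64 seconds
MAX_AGE = 2      # accept cookies at most 2 ticks old


def _mac24(src, sport, dst, dport, client_isn, tick):
    """24-bit keyed MAC binding the cookie to one connection attempt and tick."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHIQ", sport, dport, client_isn, tick)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK; nothing is stored per half-open connection."""
    tick = int(now) >> TICK_SHIFT
    # Largest table entry not exceeding the client's MSS (index 0 if none fits).
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = int.from_bytes(_mac24(src, sport, dst, dport, client_isn, tick), "big")
    return ((tick & 0x1F) << 27) | (idx << 24) | mac


def check_cookie(src, sport, dst, dport, seq, ack, now):
    """Validate the client's final ACK; return the negotiated MSS or None."""
    cookie = (ack - 1) & 0xFFFFFFFF      # client acknowledges server ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # client's SYN consumed one sequence number
    tick_now = int(now) >> TICK_SHIFT
    age = (tick_now - (cookie >> 27)) & 0x1F  # ticks elapsed, modulo 32
    if age > MAX_AGE or age > tick_now:
        return None  # stale or forged counter bits
    expected = _mac24(src, sport, dst, dport, client_isn, tick_now - age)
    if not hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return None  # MAC mismatch: not a cookie this server issued for this peer
    return MSS_TABLE[(cookie >> 24) & 0x7]
```

Only 3 bits of MSS survive the round trip, so a connection accepted this way loses any other TCP options the client sent in its SYN.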