RST Sequence Number (SYN flood)

RST Sequence Number (SYN flood)

Post by Michael Jeffry Donah » Wed, 28 Apr 1999 04:00:00

Hi!  I am playing with SYN flood under Linux.  I want to send a TCP RST to
the half-open connections in the SYN_RECV state to free them up.  Unfortunately,
it appears that I must have the correct sequence number for RST TCP packet;
otherwise, it is ignored.  How do I get this information from the kernel?
It would be nice if netstat could return sequence # information.

Any and all help is appreciated,
Michael J. Donahoo
Georgia Institute of Technology College of Computing
801 Atlantic Drive, Atlanta Georgia, 30332-0280

Work: (404) 894-6735  Lab:  (404) 876-3209 x124
Fax:  (404) 894-0272  Home: (770) 819-1870


1. Sendmail's resistance to SYN Flood using SYN filter?

I've recently installed Alan Cox's TCP patch for Linux (AKA SYN Bomb
filter), and I've increased the listen queue (in daemon.c, ListenQueueSize)
to 512, per the patch's instructions.  (As an aside, the patch is really

Anyways, inetd and (Apache) httpd are highly resistant to a SYN flood
now, but sendmail seems a bit picky:  During a flood attack, sendmail
will refuse the connection for four or five attempts before I can get
through.  (inetd and httpd allow connections on the first try, almost 100%
of the time).

Has anyone else experienced this, or are there some other parameters that
I could try tuning?


  Greg       | 0B 65 E0 58 F3 F9 81 F5 |
              Interested in Jai-Alai?         | F0 72 75 FA 1E BD C9 66 |

2. The keys on the left side

3. SYN Flood or SYN Attack

4. How do I test a web server without being connected to the net?

5. SYN ECHO REQUEST SYN/ACK sequence on AIX box

6. nvidia riva tnt, viper 550, xfree 4.0.1, K7, Asus K7V

7. CERT/CC VU#464113, SYN plus RST/FIN

8. Prelude to: How to setup a printer in FreeBSD

9. RST in response to SYN (Posix.1g)

10. Socket Connection Probolem - SYN - RST

11. syn floods

12. SYN flood

13. SYN Flooding Security Vulnerability in HP-UX