SYN Flooding Security Vulnerability in HP-UX

Post by D. J. Bernste » Sat, 03 May 1997 04:00:00




> The best defense is to stop it at the source.

Brilliant. ``The best defense is divine intervention.''

> End systems can also provide a last line of defense by
> accommodating a much larger number of incoming SYN packets

Translation: To survive an attack from a well-connected opponent you
only need to sacrifice one or two hundred megabytes of memory.

> and appropriately replacing those half-open connections that
> have been sitting in the listen queue.

Translation: While you're under attack, you can't talk to Australia.

Why doesn't HP implement SYN cookies? SYN cookies eliminate the problem,
without dropping connections and without wasting memory.

---Dan
Let your users manage their own mailing lists. http://pobox.com/~djb/qmail.html

 
 
 

Post by Dave Murp » Sat, 03 May 1997 04:00:00




>Why doesn't HP implement SYN cookies? SYN cookies eliminate the problem,
>without dropping connections and without wasting memory.

>---Dan

I can guess at what SYN Cookies are but I have never actually heard of
them before.  Has anyone implemented them?  Is there any information about
this anywhere?

Thanks  Dave

 
 
 

Post by Henry Gabryjels » Sun, 04 May 1997 04:00:00



>I can guess at what SYN Cookies are but I have never actually heard of
>them before.  Has anyone implemented them?  Is there any information about
>this anywhere?

Well, not wanting to state what will probably be posted a thousand
times, but....

The Linux Kernel, v2.0.30 and later, has an option for compiling SYN
cookies.  Source is freely available and under the GPL.  For more
information, try your local Linux mirror. (mine is tsx-11.mite.edu)

or, try:
 ftp://sunsite.unc.edu/pub/Linux/kernel/v2.0/linux-2.0.30.tar.gz
http://sunsite.unc.edu/pub/Linux/kernel/v2.0/linux-2.0.30.tar.gz

HTH,

Henry Gabryjelski

 
 
 

Post by William Hugh Murra » Sun, 04 May 1997 04:00:00



> Why doesn't HP implement SYN cookies? SYN cookies eliminate the problem,
> without dropping connections and without wasting memory.

From the list of heresies and other words I try to live by:

Given two statements of a problem, I prefer the one that permits of a
solution.  Given two solutions, I prefer the one that is in my own
hands.

(I can no longer remember whether or not this idea is original or
whether I owe someone attribution for it.  My mind is now so cluttered
with good ideas that I could not recognize an original one if I had it.)

 
 
 

Post by Felix Schroet » Sun, 04 May 1997 04:00:00


Hello!



>[...]
>The Linux Kernel, v2.0.30 and later, has an option for compiling SYN
>cookies.  Source is freely available and under the GPL.  For more
>information, try your local Linux mirror. (mine is tsx-11.mite.edu)

Is there an RFC or is that mechanism unofficial?
If the latter, are there any texts on that?

Regards, Felix.

 
 
 

Post by D. J. Bernste » Sun, 04 May 1997 04:00:00



> If the latter, are there any texts on that?

The main collection of information on SYN cookies is

   ftp://koobera.math.uic.edu/pub/docs/syncookies-archive

---Dan
Let your users manage their own mailing lists. http://pobox.com/~djb/qmail.html
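
An added illustration, not part of the thread and not the Linux 2.0.30 code: a simplified sketch of the SYN cookie idea discussed above, in which the server packs a coarse time counter, an MSS index and a keyed hash of the connection into the initial sequence number of its SYN-ACK, so it keeps no per-connection memory until a valid ACK returns. The bit layout, MSS table, slot length, key and function names are assumptions made for this example.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # constructed; a real stack uses a random per-boot secret
MSS_TABLE = (216, 536, 768, 996, 1024, 1220, 1440, 1460)  # assumed 3-bit MSS table
SLOT = 64  # seconds per counter step (assumed)


def _mac24(client, server, client_isn, count, mss_idx):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the cookie fields."""
    (c_ip, c_port), (s_ip, s_port) = client, server
    msg = socket.inet_aton(c_ip) + socket.inet_aton(s_ip) + struct.pack(
        "!HHIBB", c_port, s_port, client_isn, count, mss_idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def on_syn(client, server, client_isn, client_mss, now):
    """Return the server ISN for the SYN-ACK. Nothing is stored per connection."""
    count = (now // SLOT) % 32  # top 5 bits: coarse timestamp
    # Next 3 bits: largest table entry not exceeding the client's MSS.
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(client, server, client_isn, count, mss_idx)  # low 24 bits
    return (count << 27) | (mss_idx << 24) | mac


def on_ack(client, server, seq, ack, now):
    """Validate the handshake-completing ACK; return the MSS to use, or None to drop."""
    cookie = (ack - 1) & 0xFFFFFFFF      # the client acknowledges server ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the client's sequence number advanced by 1
    count, mss_idx = cookie >> 27, (cookie >> 24) & 7
    if ((now // SLOT) - count) % 32 > 1:  # stale or future counter: reject
        return None
    expected = _mac24(client, server, client_isn, count, mss_idx)
    got = cookie & 0xFFFFFF
    if not hmac.compare_digest(expected.to_bytes(3, "big"), got.to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]  # state is allocated only now, for a proven peer


if __name__ == "__main__":
    c, s = ("192.0.2.10", 40000), ("198.51.100.5", 80)  # constructed addresses
    isn = on_syn(c, s, 1000, 1460, now=1000)
    print(hex(isn), on_ack(c, s, 1001, (isn + 1) & 0xFFFFFFFF, now=1010))
```

A spoofed SYN costs the server one hash computation and one SYN-ACK; an ACK whose number was not derived from the secret fails the check and is dropped without any queue entry having been held for it.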