[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: Network security enhancement

On Sat, 3 Feb 2001, Sunil Dhaka wrote:

> The first query is a default setting in the sysctl.conf file 
>  # Enable TCP SYN Cookie Protection net.ipv4.tcp_syncookies = 1 A SYN
> Attack is a denial of service attack that consumes all the resources
> on your machine, forcing you to reboot.  It is achievable from
> internal internal resources or external connections

> A TCP SYN cookie is a well known exploit and this feature
I believe the stuff being referred to is called `TCP SYN flooding'

And, this is what the (in)famous D. J. Bernstein has to say about SYN
cookies.  http://cr.yp.to/syncookies.html

Also take a look at the stuff titled `SYN flood protection' in the file
Documentation/Configure.help in the kernel source. 

bye  :)

>  enables TCP SYN cookie protection 
> -- Sunil Dhaka in search of Linux enlightenment