Re: Network security enhancement
On Sat, 3 Feb 2001, Sunil Dhaka wrote:
> The first query is a default setting in the sysctl.conf file
> # Enable TCP SYN Cookie Protection
> net.ipv4.tcp_syncookies = 1
> A SYN Attack is a denial of service attack that consumes all the resources
> on your machine, forcing you to reboot. It is achievable from
> internal resources or external connections
> A TCP SYN cookie is a well known exploit and this feature
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I believe the stuff being referred to is called `TCP SYN flooding'
http://www.cert.org/advisories/CA-1996-21.html
And, this is what the (in)famous D. J. Bernstein has to say about SYN
cookies. http://cr.yp.to/syncookies.html
Also take a look at the stuff titled `SYN flood protection' in the file
Documentation/Configure.help in the kernel source.
bye :)
Anmol
> enables TCP SYN cookie protection
> -- Sunil Dhaka in search of Linux enlightenment
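
An added example, not part of the original message: a POSIX shell check for the `net.ipv4.tcp_syncookies` setting quoted above, comparing what a sysctl.conf-format file would apply with the live value under /proc. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit net.ipv4.tcp_syncookies.

# effective_syncookies FILE: print the value sysctl would end up applying from
# sysctl.conf-format text (lines are applied in order, so the last one wins),
# or "unset" if the key is never assigned.
effective_syncookies() {
    awk '
        /^[ \t]*$/     { next }                 # blank line
        /^[ \t]*[#;]/  { next }                 # comment line
        {
            line = $0
            sub(/^[ \t]*-/, "", line)           # leading "-": ignore set errors
            eq = index(line, "=")
            if (eq == 0) next                   # not an assignment
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub("/", ".", key)                 # net/ipv4/... form is accepted too
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "net.ipv4.tcp_syncookies") { found = 1; last = val }
        }
        END { print (found ? last : "unset") }
    ' "$1"
}

# audit_syncookies CONF [RUNTIME]: compare the configured value with the live
# one; succeed only if both are 1. RUNTIME defaults to the /proc entry.
audit_syncookies() {
    conf=$(effective_syncookies "$1")
    runtime_file=${2:-/proc/sys/net/ipv4/tcp_syncookies}
    if [ -r "$runtime_file" ]; then
        runtime=$(tr -d ' \t\n' < "$runtime_file")
    else
        runtime=unknown
    fi
    echo "conf=$conf runtime=$runtime"
    [ "$conf" = 1 ] && [ "$runtime" = 1 ]
}

# Constructed sample: the setting is commented out, then set via the slash form.
sample=$(mktemp)
printf '%s\n' '# net.ipv4.tcp_syncookies = 0' 'net/ipv4/tcp_syncookies = 1' > "$sample"
effective_syncookies "$sample"
rm -f "$sample"
```

A comment line that merely mentions the key, such as a header with the assignment run onto the same line, counts as unset, which is the case worth checking when a file has been edited by hand.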