Curious: syncookies ready for distributed syn flooding?

From: Xuan Baldauf (xuan--lkml@baldauf.org)
Date: Sat Jun 10 2000 - 14:01:23 EST


Hi,

Local German press tries to create a "cracker hype", because it was
discovered that there were some trojans successfully out there (guess
for which OS. ;o)). Some months ago, I read about "DDoS", syn flooding
from different, probably spoofed, source addresses. I also read that
it would be relatively easy to get rid of the problem by letting a
firewall blindly accept incoming TCP connections and then forward the
initial request after the originating host approved the connection.

Now the question: Are syncookies exactly that without need for an
extra firewall? Are they only destination-port and not
source-ip-address specific? As a conclusion, will a Linux server stay
alive when others starve due to too high load, therefore being
resistant against those attacks?

Xuân. :o)

P.S.: I know, if the TCP connection is open, it is open, and if a
server is waiting for request data which does not come for a long
time, it's the server that has to close the dormant connection.
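
The following is an added illustration of the general SYN cookie idea the message asks about; it is not part of the original post and is not the Linux kernel's code. It assumes a simplified cookie layout (8-bit time slot plus a 24-bit HMAC-SHA256 tag) and hypothetical names throughout, and shows that such a cookie covers the source address and port as well as the destination, while the server stores nothing until the final ACK arrives.

```python
import hashlib, hmac, socket, struct

SECRET = b"constructed-demo-secret"  # constructed; a real stack would use a random key
MAX_AGE = 2                          # assumed: accept cookies up to 2 time slots old

def _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, slot):
    """24-bit keyed hash over the full 4-tuple, the client's ISN and the time slot."""
    msg = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
           + struct.pack("!HHIB", src_port, dst_port, client_isn, slot & 0xFF))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, slot):
    """Server ISN sent in the SYN-ACK; no per-connection state is kept."""
    return ((slot & 0xFF) << 24) | _mac24(src_ip, src_port, dst_ip, dst_port,
                                          client_isn, slot)

def check_ack(src_ip, src_port, dst_ip, dst_port, seq, ack, now_slot):
    """Validate the handshake's final ACK from the packet and the secret alone."""
    cookie = (ack - 1) & 0xFFFFFFFF      # the ACK acknowledges server ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the ACK's seq is client ISN + 1
    slot = cookie >> 24
    if (now_slot - slot) & 0xFF > MAX_AGE:
        return False                     # cookie too old (or from a future slot)
    expected = make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, slot)
    return hmac.compare_digest(struct.pack("!I", cookie), struct.pack("!I", expected))

def demo():
    # Constructed sample handshake using documentation addresses (RFC 5737).
    client, server = ("192.0.2.10", 40000), ("198.51.100.5", 80)
    isn_c, slot = 0x1000, 7
    cookie = make_cookie(*client, *server, isn_c, slot)
    seq, ack = isn_c + 1, (cookie + 1) & 0xFFFFFFFF
    return {
        "genuine": check_ack(*client, *server, seq, ack, slot),
        "other_source_ip": check_ack("192.0.2.99", 40000, *server, seq, ack, slot),
        "altered_ack": check_ack(*client, *server, seq, ack ^ 0x5A5A, slot),
        "expired": check_ack(*client, *server, seq, ack, slot + MAX_AGE + 1),
    }

if __name__ == "__main__":
    print(demo())
```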

This archive was generated by hypermail 2b29 : Thu Jun 15 2000 - 21:00:21 EST