[linux-security] forwarded from BoS: Linux anti-SYN flooding

Anthony Pardini (apardini@cmpu.net)
Sun, 02 Mar 1997 01:07:19 -0600


one might think it would get posted here 1st..

>Resent-Date: 1 Mar 1997 11:48:09 -0000
>Resent-Cc: recipient.list.not.shown:;
>Mbox-Line: From linux-security-request@redhat.com Sat Mar 1 06:48:02 1997
>Date: Fri, 28 Feb 1997 17:00:40 +0100
>From: Eric.Schenk@dna.lth.se
>To: linux-security@redhat.com
>Resent-Message-Id: <"8gme93.0.et6.oT16p"@mail2.redhat.com>
>Resent-From: linux-security@redhat.com
>Reply-To: linux-security@redhat.com
>X-Mailing-List: <linux-security@redhat.com> archive/latest/171
>X-Loop: linux-security@redhat.com
>Resent-Sender: linux-security-request@redhat.com
>Subject: [linux-security] forwarded from BoS: Linux anti-SYN flooding patch
>
>
>I have just finished a patch to linux 2.0.29 that provides
>the SYN cookies protection against SYN flood attacks.
>You can grab it from my home page at:
>
>http://www.dna.lth.se/~erics/software/tcp-syncookies-patch-1.gz
>
>You can also follow the pointers from my home page (see the signature)
>to get a very short blurb about this patch.
>
>Quick synopsis: This implements the SYN cookie defense
>against SYN flooding. This implementation is a full bells and whistles
>version of the defense worked out by myself and Dan Bernstein.
>The defense is only used when an attack appears to be under way.
>It also implements an alternative defense that I call RST cookies.
>RST cookies have the drawback that they may not make it through
>all firewall setups. They have the advantage that they don't increase
>the probability of a stuck TCP over lossy connections.
>(SYN cookies and random drop defenses both increase this probability.
>SYN cookies slightly more than random drops.) It's in the patch right
>now because I am still doing some experiments with it, and because
>I kind of like the idea. You can turn on both defenses at once if
>you want, but one or the other alone should be enough.
>
>This patch does not require any modifications to the size of the
>backlog queue in programs that need to be defended. Just apply the
>kernel patch, turn on the option in the kernel configurations and
>you should be set.
>
>I would classify this as an alpha quality patch. I've tested it
>myself, and it seems to work, but I make no guarantees. Please
>give me feedback!
>
>- --
>Eric Schenk www: http://www.dna.lth.se/~erics
>Dept. of Comp. Sci., Lund University email: Eric.Schenk@dna.lth.se
>Box 118, S-221 00 LUND, Sweden fax: +46-46 13 10 21 ph: +46-46 222 96 38
>
>[mod: Forwarded by Richard Jones and Robert Stone before it reached
>linux-security -- REW]
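To make the mechanism Eric describes concrete, here is a small Python model of a SYN cookie handshake. It is an added example, not code from the tcp-syncookies patch or from the Linux kernel: the server encodes a coarse timestamp, an MSS table index and a keyed 24-bit hash of the connection 4-tuple into its initial sequence number, keeps no half-open state while the backlog is full, and reconstructs what it needs when the client's ACK arrives. The bit layout, the 8-entry MSS table, the 64-second tick, the 4-tick acceptance window, HMAC-SHA256 as the keyed hash and the "backlog full means attack" heuristic are all assumptions chosen for illustration.

```python
"""Toy model of the SYN cookie defense (added example; not the patch's code).

Classic layout assumed here: 5 bits of coarse time, 3 bits of MSS index,
24 bits of keyed hash, added to the client's ISN to form the server's ISN.
"""
import hashlib
import hmac
import struct
from typing import Optional

# Assumed encodings: the client's MSS is rounded down to one of 8 table
# values so it fits in 3 bits; time is a 64-second tick counter of which
# only the low 5 bits are carried in the cookie.
MSS_TABLE = (536, 1460, 2048, 4096, 8192, 16384, 32768, 65535)
COOKIE_TICK = 64     # seconds per tick (assumption)
COOKIE_WINDOW = 4    # accept cookies up to 4 ticks old (assumption)


def cookie_tick(unix_time: int) -> int:
    """Coarse time value used in the cookie."""
    return unix_time // COOKIE_TICK


def mss_index(mss: int) -> int:
    """Index of the largest table entry not exceeding the advertised MSS."""
    idx = 0
    for i, value in enumerate(MSS_TABLE):
        if value <= mss:
            idx = i
    return idx


def _mac24(secret: bytes, saddr: str, daddr: str, sport: int, dport: int, t: int) -> int:
    """Keyed 24-bit hash over the 4-tuple and the tick; HMAC-SHA256 is an assumption."""
    msg = saddr.encode() + b"|" + daddr.encode() + struct.pack("!HHQ", sport, dport, t)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_syn_cookie(secret: bytes, saddr: str, daddr: str, sport: int, dport: int,
                    client_isn: int, mss: int, t: int) -> int:
    """Server ISN for a SYN+ACK sent while under attack; nothing is stored."""
    cookie = ((t & 0x1F) << 27) | (mss_index(mss) << 24) \
        | _mac24(secret, saddr, daddr, sport, dport, t)
    return (client_isn + cookie) & 0xFFFFFFFF


def check_syn_cookie(secret: bytes, saddr: str, daddr: str, sport: int, dport: int,
                     client_isn: int, server_isn: int, now: int) -> Optional[int]:
    """Return the client's MSS if the cookie is genuine and recent, else None."""
    cookie = (server_isn - client_isn) & 0xFFFFFFFF
    t5, midx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    # Try each tick in the window; the hash binds the full tick, so the
    # 5-bit field wrapping around cannot revive an old cookie.
    for age in range(COOKIE_WINDOW + 1):
        t = now - age
        if (t & 0x1F) == t5 and _mac24(secret, saddr, daddr, sport, dport, t) == mac:
            return MSS_TABLE[midx]
    return None


def under_attack(backlog_len: int, backlog_max: int) -> bool:
    """The post says cookies are used only when an attack appears to be under
    way; a full SYN backlog stands in for that heuristic here (assumption)."""
    return backlog_len >= backlog_max


def accept_ack(secret: bytes, saddr: str, daddr: str, sport: int, dport: int,
               seq: int, ack: int, now: int) -> Optional[int]:
    """Validate the third handshake segment. seq is client_isn + 1 and ack is
    server_isn + 1, so both ISNs are recovered from the packet alone."""
    client_isn = (seq - 1) & 0xFFFFFFFF
    server_isn = (ack - 1) & 0xFFFFFFFF
    return check_syn_cookie(secret, saddr, daddr, sport, dport, client_isn, server_isn, now)


if __name__ == "__main__":
    # Constructed sample handshake: client 192.0.2.10:40000 -> server 192.0.2.1:80.
    secret = b"constructed-demo-secret"
    t = cookie_tick(1_000_000)
    isn = make_syn_cookie(secret, "192.0.2.10", "192.0.2.1", 40000, 80, 1000, 1460, t)
    print("server ISN:", isn)
    print("fresh ACK  ->", accept_ack(secret, "192.0.2.10", "192.0.2.1", 40000, 80, 1001, isn + 1, t))
    print("stale ACK  ->", accept_ack(secret, "192.0.2.10", "192.0.2.1", 40000, 80, 1001, isn + 1, t + 40))
```

The point the model makes is the one Eric's description relies on: between the SYN and the ACK the server remembers nothing, so a flood of spoofed SYNs cannot exhaust the backlog, and the cost is that options such as the MSS must be squeezed into the cookie and that a legitimate ACK arriving after the window (or a lost SYN+ACK) is simply dropped, which is the "stuck TCP" drawback the post mentions.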