RE: device driver -> SYN flood?

Chris Jones (chris@black-sun.co.uk)
Wed, 18 Aug 1999 03:12:33 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

> Yes, can someone please elaborate on this. Is it fair to say that
> the kernel
> reports on all attacks in this way - I've never been attacked so
> I don't know.

As I understand it, the tcp stack is receiving lots of SYN socket
connections and suspects it may be under a DoS (Denial of Service)
attack, so it starts using SYN cookies. These are transparent to you
and the remote user, but prevent the attack (if one is happening - if
one isn't, service will continue as normal).
How they work is something I don't know.

Personally, I would have thought this sort of thing should be a
userspace thing, but I'm no authority on the matter.

- ---
_____ _ _ _____
| __ | |___ ___| |_ ___| __|_ _ ___ Chris "Ng" Jones
| __ -| | .'| _| '_|___|__ | | | | chris@black-sun.co.uk
|_____|_|__,|___|_,_| |_____|___|_|_| www.black-sun.co.uk
S o f t w a r e

"Linux is beating Windows" - David Cole, Microsoft Executive

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQA/AwUBN7oWkJhmBipjerS3EQJ1vwCgvx2j86VSQqOz0mHHrA1L8k8ZMH8AoNFq
YpDxRT7rN5/KfyRWFbAZ2ij1
=hDOX
-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/