nanog mailing list archives
Re: SYN floods (was: does history repeat itself?)
From: Avi Freedman <freedman () netaxs com>
Date: Mon, 9 Sep 1996 22:25:53 -0400 (EDT)
> On my private network I can send 600 or more SYN packets to my telnet port (w/faked, unreachable source addresses + random seq numbers), yet the port doesn't seem to be flooded. It's a linux box. The telnet daemon seems to be able to tell the difference between a faked packet and a real one. Even when spoofing from localhost, it reports a connection from unknown. Obviously, there seems to be a solution to this problem. ??
>
> -- Billy Biggs Ottawa, Canada
Nope; it's just that when the kernel on your linux box responds to the SYN, the machine you're doing it from says "RST" and the SYN leaves the "incompleted-connections" listen queue for the socket you're attacking. If you forge random IP source addresses, those packets won't go away and whatever you're pounding on will be hosed until a) 75 seconds (or whatever the timer is set to) expires, or b) you kill and restart the service in question.

Avi
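A toy model of the listen-queue behaviour described in this reply, as an added example that is not part of the original post: it compares sources that answer the SYN-ACK with an RST against sources that never answer, and checks whether a legitimate client gets a slot before and after the timer runs out. The 600 SYNs and the 75-second timer come from the thread; the backlog of 8, the 0.1-second spacing, the addresses, and the names `ListenQueue` and `run` are assumptions made for illustration.

```python
from collections import OrderedDict

SYN_TIMEOUT = 75.0  # seconds; the timer value quoted in the post


class ListenQueue:
    """Toy model of one listening socket's incomplete-connection queue."""

    def __init__(self, backlog, timeout=SYN_TIMEOUT):
        self.backlog, self.timeout = backlog, timeout
        self.pending = OrderedDict()  # (ip, port) -> SYN arrival time
        self.dropped = 0

    def expire(self, now):
        # Entries are kept in arrival order, so stop at the first live one.
        while self.pending:
            src, arrived = next(iter(self.pending.items()))
            if now - arrived < self.timeout:
                break
            del self.pending[src]

    def on_syn(self, src, now):
        """Return True if the SYN gets a queue slot, False if it is dropped."""
        self.expire(now)
        if src not in self.pending and len(self.pending) >= self.backlog:
            self.dropped += 1
            return False
        self.pending.setdefault(src, now)
        return True

    def remove(self, src):
        """An RST (or the final ACK of a real handshake) frees the slot."""
        self.pending.pop(src, None)


def run(n_syns, source_sends_rst, backlog=8, interval=0.1):
    """Queue n_syns SYNs, then test a real client during and after the timer."""
    q, now = ListenQueue(backlog), 0.0
    for i in range(n_syns):
        src = ("192.0.2.%d" % (i % 250 + 1), 1024 + i)  # constructed addresses
        q.on_syn(src, now)
        if source_sends_rst:  # a live host rejects the SYN-ACK it never asked for
            q.remove(src)
        now += interval
    flood_dropped = q.dropped
    client = ("198.51.100.7", 40000)  # constructed legitimate client
    during = q.on_syn(client, now)
    q.remove(client)
    after = q.on_syn(client, now + SYN_TIMEOUT + 1)
    return during, after, flood_dropped
```

`run(600, True)` models the private-network test in the quoted message, where every slot is freed by an RST; `run(600, False)` models unanswered sources, where the queue stays full until the timer expires.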