Date: Thu, 13 May 1999 22:46:09 -0700
From: Don Lewis <Don.Lewis@tsc.tdk.com>
To: Thamer Al-Herbish <shadows@whitefang.com>, security@FreeBSD.ORG
Subject: Re: Forwarded from BUGTRAQ: SYN floods against FreeBSD
Message-ID: <199905140546.WAA06542@salsa.gv.tsc.tdk.com>
In-Reply-To: Thamer Al-Herbish <shadows@whitefang.com> "Re: Forwarded from BUGTRAQ: SYN floods against FreeBSD" (May 13, 7:37pm)
On May 13, 7:37pm, Thamer Al-Herbish wrote:
} Subject: Re: Forwarded from BUGTRAQ: SYN floods against FreeBSD
} Btw, if it matters any I liked Bernstein's syn cookies. The only
} conceivable problem there was storing initial TCP option information
} which could not be done because of the cookie-response design.
}
} Quick summary of syn cookies:
}
} You would send back a cookie as the sequence number, based on a
} secret that changes every so often hashed with the client's initial
} sequence number. If you get back a SYN-ACK, you check it against the
} same hash, and a match means you can respond and finish the
} handshake. You effectively _never_ store information about the first
} SYNs and thus _never_ have to worry about resources. TCBs are
} created after the handshake is completed.

One potential danger is that you can't totally block incoming connections to vulnerable ports by filtering out incoming SYN packets. If an attacker can guess what sequence number you would have sent in a SYN-ACK, he can establish a connection by just sending the third packet in the initial three-way handshake. This isn't especially easy to brute force because the sequence space is a 32-bit number, but it's not totally unreasonable either if the attacker is patient enough. The attacker may also be able to make better guesses if he knows the details of the implementation he is attacking.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
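An added example, not code from this thread, from FreeBSD or from Bernstein, showing the stateless cookie scheme the quoted summary describes and one way to keep the client's MSS option inside the cookie despite the cookie-response design; the bit layout, MSS table, epoch length and the HMAC construction are assumptions of this example:

```python
import hashlib
import hmac
import struct

# Constructed example, not FreeBSD's or Bernstein's code. Cookie layout
# assumed here (the 32-bit server ISN sent in the SYN-ACK):
#   bits 31..27  5-bit time counter: which secret epoch minted the cookie
#   bits 26..24  3-bit index into MSS_TABLE, the one TCP option retained
#   bits 23..0   keyed hash of the 4-tuple and counter, plus client ISN
MSS_TABLE = (536, 1220, 1440, 1460)   # assumed set of encodable MSS values
COUNTER_PERIOD = 64                   # seconds per counter tick (assumed)
MAX_AGE = 2                           # accept cookies at most 2 ticks old


def _keyed_hash(secret, saddr, sport, daddr, dport, counter):
    """24-bit MAC over the connection 4-tuple and the epoch counter."""
    msg = struct.pack("!4sH4sHI", saddr, sport, daddr, dport, counter)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0] & 0xFFFFFF


def make_cookie(secret, saddr, sport, daddr, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK; no per-connection state is kept."""
    counter = (now // COUNTER_PERIOD) & 0x1F
    # Largest table entry not above the client's advertised MSS.
    idx = max((i for i, v in enumerate(MSS_TABLE) if v <= mss), default=0)
    low = _keyed_hash(secret, saddr, sport, daddr, dport, counter)
    low = (low + client_isn) & 0xFFFFFF
    return (counter << 27) | (idx << 24) | low


def check_cookie(secret, saddr, sport, daddr, dport, client_isn, ack, now):
    """Validate the 3rd handshake packet; return the MSS to use, or None.

    Nothing was stored for the SYN, so any packet carrying a correct
    ACK completes the handshake: a guess succeeds with probability
    about 2**-24 per attempt inside the accepted epoch window, which is
    the exposure the reply above describes. Rolling the secret bounds it.
    """
    cookie = (ack - 1) & 0xFFFFFFFF          # ACK = server ISN + 1
    counter = cookie >> 27
    now_counter = (now // COUNTER_PERIOD) & 0x1F
    if ((now_counter - counter) & 0x1F) > MAX_AGE:
        return None                          # epoch too old
    expect = _keyed_hash(secret, saddr, sport, daddr, dport, counter)
    expect = (expect + client_isn) & 0xFFFFFF
    if (cookie & 0xFFFFFF) != expect:
        return None                          # wrong secret, tuple or ISN
    idx = (cookie >> 24) & 0x7
    return MSS_TABLE[idx] if idx < len(MSS_TABLE) else None
```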