From: Ed L Cashin <ecashin@terry.uga.edu>
To: linux-kernel@vger.kernel.org (Linux kernel)
Subject: Re: test SYN cookies (was Re: SYN cookies security bugfix?)
Date: 10 Nov 2001 17:04:47 -0500
Message-ID: <m34ro2ffk0.fsf@terry.uga.edu>
In-Reply-To: <E161oM3-0007Xm-00@the-village.bc.nu> <m3y9lgkjnl.fsf@terry.uga.edu>

Ed L Cashin <ecashin@terry.uga.edu> writes:

...
> What is a good way to test SYN cookies?  I can induce a three-second
> delay (on victim host V) before new TCP connections are accepted by
> sending a burst of 2000 SYN packets (from attacker A), where V is
> running a 2.2.14 or 2.2.17 kernel.  During the three seconds ICMP echo
> requests from A to V are being answered.
> 
> Turning on SYN cookies after /proc is mounted does not affect the
> three-second pause, though, so I figure that either the pause is not
> on account of a full half-open connection queue or SYN cookies are not
> working.

OK, I have found out that when I use three hosts to try to test SYN
cookies there is no pause, so the pause was a red herring.  However,
tests still seem to indicate that the SYN cookies feature doesn't do
anything. 

Host A sends a SYN flood to host B, now sporting a new 2.2.20 kernel
(with SYN cookie support, of course).  Host C makes repeated TCP
connections and ICMP echo requests to host B in order to monitor host
B.

However, even after setting tcp_max_syn_backlog to 1 on host B, I do
not observe any difference in connection times (from B to C) during a
SYN flood (from A to B) whether tcp_syncookies are on or off on host B
(1 or 0).  I am restarting the server on B each time I make an
adjustment in /proc.

Is there anyone who has any evidence that SYN cookies do anything in
kernel 2.2.x?  If so, how did you get that evidence, because I would
like to reproduce it.

-- 
--Ed Cashin                   PGP public key:
  ecashin@terry.uga.edu       http://www.terry.uga.edu/~ecashin/pgp/
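An added example, not from the mail or from any kernel tree: a defender-side way to get the kind of evidence the post asks for on the monitored host B. It reads the TcpExt SYN cookie counters (SyncookiesSent, SyncookiesRecv, SyncookiesFailed) that later kernels expose in /proc/net/netstat before and after a test run, so the /proc paths and counter names are assumptions about that layout, and the 2.2 series in the thread predates them.

```shell
#!/bin/sh
# Added example (not part of the original mail): gather evidence that SYN
# cookies are actually being issued on host B by comparing the TcpExt
# counters in /proc/net/netstat before and after a test run. The counter
# names and paths are assumed from the current Linux /proc layout.

# Extract "sent recv failed" from netstat-format text on stdin. The file
# pairs a "TcpExt:" header line with a "TcpExt:" value line; columns are
# matched by name so their position in the file does not matter.
syncookie_counters() {
    awk '$1 == "TcpExt:" {
        if (!seen) { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        printf "%s %s %s\n", $col["SyncookiesSent"], $col["SyncookiesRecv"], $col["SyncookiesFailed"]
        exit
    }'
}

# Difference of two "sent recv failed" snapshots, printed as "dsent drecv dfailed".
counter_delta() {
    echo "$1 $2" | awk '{ print $4 - $1, $5 - $2, $6 - $3 }'
}

# Interpret a delta given the tcp_syncookies sysctl value: cookies were really
# used only if SyncookiesSent grew. "idle" means the feature is enabled but the
# half-open queue never filled, so no cookie was ever needed.
verdict() {
    syncookies_setting=$1; delta=$2
    if [ "$syncookies_setting" = "0" ]; then echo disabled; return; fi
    sent=$(echo "$delta" | awk '{ print $1 }')
    if [ "$sent" -gt 0 ]; then echo active; else echo idle; fi
}

# Constructed snapshots in /proc/net/netstat format (not real captures).
BEFORE='TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts
TcpExt: 1523 1490 7 0
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0'
AFTER='TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts
TcpExt: 3811 1502 9 0
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0'

# Live use on host B: snapshot, run the test, snapshot again, then
#   verdict "$(cat /proc/sys/net/ipv4/tcp_syncookies)" "$(counter_delta "$before" "$after")"
# with before/after taken via: syncookie_counters < /proc/net/netstat
demo() {
    b=$(printf '%s\n' "$BEFORE" | syncookie_counters)
    a=$(printf '%s\n' "$AFTER" | syncookie_counters)
    verdict 1 "$(counter_delta "$b" "$a")"
}
```

Run against the real files while host C is making its timed connections; a verdict of "idle" with tcp_syncookies=1 points at a backlog that never filled rather than at the cookie code itself.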


Thread overview:
2001-11-08  5:20 SYN cookies security bugfix? B. James Phillippe
2001-11-08  8:32 ` Gianni Tedesco
2001-11-08 12:32 ` Alan Cox
2001-11-08 22:00   ` test SYN cookies (was Re: SYN cookies security bugfix?) Ed L Cashin
2001-11-10 22:04     ` Ed L Cashin [this message]
2001-11-10 22:34       ` Alan Cox
2001-11-11  5:17         ` Ed L Cashin