how to check current backlog queue size(against synflood)

• Previous message: Bill Tihen: "IPChains Question (compatibility mode on kernel 2.4.x)"
• Next in thread: Brian Hatch: "Re: how to check current backlog queue size(against synflood)"
• Reply: Brian Hatch: "Re: how to check current backlog queue size(against synflood)"
• Reply: Seth Arnold: "Re: how to check current backlog queue size(against synflood)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: focus-linux@securityfocus.com
Date: Mon, 12 May 2003 01:58:39 +0000

Hello, all.

I have studied the "syn flooding attack" and the syncookies function
against the attack.
But I have some questions about this.

AFAIK, the backlog queue is flooded and fulled with the facked syn packets.
so, anyone can increase his backlog queue like this.

echo 512 > /proc/sys/net/ipv4/tcp_max_syn_backlog

How can I check current backlog queue size? any command or program?

What is the theory of the syncookies?
I read syncookies.c source. But i can't understand.

Thanks in advance.

_________________________________________________________________
°í.. °¨.. µµ.. »ç.. ¶û.. ¸¸.. µé.. ±â.. MSN ·¯ºê
http://www.msn.co.kr/love/

• Previous message: Bill Tihen: "IPChains Question (compatibility mode on kernel 2.4.x)"
• Next in thread: Brian Hatch: "Re: how to check current backlog queue size(against synflood)"
• Reply: Brian Hatch: "Re: how to check current backlog queue size(against synflood)"
• Reply: Seth Arnold: "Re: how to check current backlog queue size(against synflood)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]