Re: how to check current backlog queue size(against synflood)
From: Seth Arnold (sarnold_at_wirex.com)
Date: 05/12/03
- Previous message: Brian Hatch: "Re: how to check current backlog queue size(against synflood)"
- In reply to: SB CH: "how to check current backlog queue size(against synflood)"
Date: Mon, 12 May 2003 14:02:31 -0700
To: focus-linux@securityfocus.com
On Mon, May 12, 2003 at 01:58:39AM +0000, SB CH wrote:
> echo 512 > /proc/sys/net/ipv4/tcp_max_syn_backlog
> How can I check the current backlog queue size? Any command or program?
$ cat /proc/sys/net/ipv4/tcp_max_syn_backlog
1024
> What is the theory of the syncookies?
Dan Bernstein's website is perhaps a good starting point:
http://cr.yp.to/syncookies.html
In short: make the sequence numbers 'cryptographically strong' to prevent
spoofed syn+acks... this way, the receiving end does not need to store
state in state tables for simple syns -- when it receives a syn+ack,
it can re-compute the math, and find that the "cookie" sequence number
is legitimate. Of course, since sequence numbers are 32 bits long, there
isn't much cryptographic security here, but TCP is rarely given that
level of importance. (And IPSec/VPNs exist to help give TCP that level
of reliability, and SSL/SSH exist to give individual sessions that level
of reliability.)
I hope this helps.
-- http://immunix.org/
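The reply above shows how to read the ceiling (tcp_max_syn_backlog), not how full the queue currently is. The following is an added example, not code from the post: it counts half-open connections by parsing the SYN_RECV entries of /proc/net/tcp (state column value 03) and groups them by local port, so you can see which listener is absorbing a SYN flood. The /proc/net/tcp sample embedded below is constructed; the address decoding assumes a little-endian host, which is how Linux prints the raw network-order address on x86.

```python
"""Count half-open (SYN_RECV) TCP connections from /proc/net/tcp and relate
them to tcp_max_syn_backlog.  Added example, not from the original post.
SAMPLE_PROC_NET_TCP is a constructed excerpt for offline use."""
import socket
import struct

TCP_SYN_RECV = "03"   # 'st' column for SYN_RECV (see include/net/tcp_states.h)

# Constructed /proc/net/tcp excerpt: two listeners (0A = LISTEN), four
# half-open connections (03 = SYN_RECV), one established connection (01).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18213 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 17990 1 0000000000000000 100 0 0 10 0
   2: 0A00020A:0050 070071CB:C350 03 00000000:00000000 01:00000017 00000000     0        0 0 1 0000000000000000 100 0 0 10 -1
   3: 0A00020A:0050 070071CB:C351 03 00000000:00000000 01:00000017 00000000     0        0 0 1 0000000000000000 100 0 0 10 -1
   4: 0A00020A:0050 080071CB:C352 03 00000000:00000000 01:00000017 00000000     0        0 0 1 0000000000000000 100 0 0 10 -1
   5: 0A00020A:0016 090071CB:C353 03 00000000:00000000 01:00000017 00000000     0        0 0 1 0000000000000000 100 0 0 10 -1
   6: 0A00020A:0050 0A0071CB:C354 01 00000000:00000000 00:00000000 00000000     0        0 18301 1 0000000000000000 20 4 30 10 -1
"""


def decode_addr(hexaddr):
    """'0A00020A:0050' -> ('10.2.0.10', 80).  /proc/net/tcp prints the raw
    network-order address as a host-order %08X, so on little-endian hosts
    the byte order must be reversed (assumption: little-endian host)."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def syn_recv_by_port(proc_net_tcp_text):
    """Return {local_port: number_of_SYN_RECV_sockets} for the given table text."""
    counts = {}
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_SYN_RECV:
            continue
        _, port = decode_addr(fields[1])
        counts[port] = counts.get(port, 0) + 1
    return counts


def summarize(proc_net_tcp_text, max_syn_backlog):
    """Total half-open connections, per-port breakdown, and the ceiling."""
    by_port = syn_recv_by_port(proc_net_tcp_text)
    return {"total": sum(by_port.values()),
            "by_port": by_port,
            "max_syn_backlog": max_syn_backlog}


def live_summary():
    """Same report from the running kernel (needs Linux and /proc)."""
    with open("/proc/sys/net/ipv4/tcp_max_syn_backlog") as f:
        ceiling = int(f.read().strip())
    with open("/proc/net/tcp") as f:
        return summarize(f.read(), ceiling)


if __name__ == "__main__":
    print(summarize(SAMPLE_PROC_NET_TCP, 1024))
    # On a live box: print(live_summary())
```

A sustained count near the ceiling on one port, combined with many entries showing retransmit timers, is the signature the original poster was looking for; the same parse works on /proc/net/tcp6 if you widen the address decoder to 16 bytes.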
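The SYN cookie mechanism the reply describes, worked through as an added example (not code from the post, and not the Linux kernel's implementation, which differs in its hash function and table choices): the server encodes a 64-second counter t in the top 5 bits of the initial sequence number, an index into a small MSS table in the next 3 bits, and a 24-bit keyed hash of the 4-tuple and t in the rest. It keeps no per-SYN state; when the final ACK arrives it subtracts one from the acknowledgement number, recovers t from its low 5 bits by trying the last few counter values, and recomputes the hash. The secret key, MSS table, window size and peer addresses are constructed for the demonstration.

```python
"""SYN cookies, simplified after the layout on http://cr.yp.to/syncookies.html:
5-bit time counter | 3-bit MSS index | 24-bit keyed hash.  Added example; the
key, MSS table and addresses are constructed, and Linux's real code differs."""
import hashlib
import hmac
import socket
import struct

# Constructed per-boot secret; a real server draws this from a CSPRNG at boot.
SECRET_KEY = b"constructed-demo-key-not-for-production"

# MSS values the server can encode in 3 bits (indices 0..7); constructed table.
MSS_TABLE = (536, 1300, 1440, 1460)

COUNTER_PERIOD = 64   # Bernstein: t increases every 64 seconds
ACCEPT_WINDOW = 4     # accept cookies minted within the last 4 counter ticks


def time_counter(now):
    """The slowly increasing counter t (one tick per COUNTER_PERIOD seconds)."""
    return int(now) // COUNTER_PERIOD


def _mac24(src_ip, src_port, dst_ip, dst_port, t):
    """24-bit keyed function of the 4-tuple and t; only the key holder can compute it."""
    msg = struct.pack("!4sH4sHI",
                      socket.inet_aton(src_ip), src_port,
                      socket.inet_aton(dst_ip), dst_port,
                      t & 0xFFFFFFFF)
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def encode_mss(client_mss):
    """Index of the largest table entry not exceeding the client's MSS option."""
    idx = 0
    for i, mss in enumerate(MSS_TABLE):
        if mss <= client_mss:
            idx = i
    return idx


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_mss, now):
    """Server side of SYN: the ISN to put in the SYN+ACK.  Nothing is stored."""
    t = time_counter(now)
    return ((t & 0x1F) << 27) | (encode_mss(client_mss) << 24) \
        | _mac24(src_ip, src_port, dst_ip, dst_port, t)


def validate_ack(ack_number, src_ip, src_port, dst_ip, dst_port, now):
    """Server side of the final ACK.  The client acks ISN+1, so cookie = ack-1.
    Returns the MSS to use on success, None for a forged or stale cookie."""
    cookie = (ack_number - 1) & 0xFFFFFFFF
    t_low = cookie >> 27              # low 5 bits of t
    mss_idx = (cookie >> 24) & 0x7
    mac = cookie & 0xFFFFFF
    t_now = time_counter(now)
    for age in range(ACCEPT_WINDOW):  # recover the full t from its low 5 bits
        t = t_now - age
        if (t & 0x1F) != t_low:
            continue
        expected = _mac24(src_ip, src_port, dst_ip, dst_port, t)
        if hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
            return MSS_TABLE[mss_idx] if mss_idx < len(MSS_TABLE) else None
        return None                   # right counter, wrong hash: forged
    return None                       # no recent counter matches: expired or forged


if __name__ == "__main__":
    # Constructed handshake: client 203.0.113.7:40000 -> server 192.0.2.10:80
    now = 1_000_000
    isn = make_syn_cookie("203.0.113.7", 40000, "192.0.2.10", 80, 1450, now)
    ack = (isn + 1) & 0xFFFFFFFF      # what a genuine client sends back
    print(hex(isn), validate_ack(ack, "203.0.113.7", 40000, "192.0.2.10", 80, now + 100))
```

The 24-bit hash is exactly the "not much cryptographic security" the reply mentions: an attacker who can see neither the SYN+ACK nor the key still has a 2^-24 chance per guessed ACK of opening a connection from a spoofed address, which is why cookies are only switched on once the backlog overflows and why the counter window is kept short.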