Synflooding a Linux

From: Ivan Wong (
Date: 10/19/03

  • Next message: whiplash: "Re: [despammed] Synflooding a Linux"
    Date: Mon, 20 Oct 2003 01:51:12 +0800 (CST)

    Dear all,
    I m carrying out a research on DDOS attack and
    defence. After I have written
    the code for synflood, I try it in my private network
    with a Linux victim, but
    the result is not what I have expected.
    The victim is a Redhat 8 (kernel 2.4). I start the
    httpd and listen on port
    80. Then from another host I run my synflood program
    to atatck port 80 with
    2000 syn packets. At the victim host, I expect it to
    open up 1024 half-open
    connections (from tcp_max_syn_backlog), and then stop
    listening to the port,
    hold the conenctions for a few minutes after the
    attack. But the result is
    that the victim just open 770 conenctions at maximum
    (I get this
    from "netstat -n grep SYN_RECV -c" ) no matter how
    many packets I flood. But
    at the same time I use tcpdump at victim to count the
    syn packets received,
    all 2000 packets are received. Why the kernel doesn't
    open up the remaining
    Also, about 200 out of the 770 half-opened conenctions
    are closed very
    quickly. within a few seconds, I use "netstat -n grep
    SYN_RECV -c" again and
    only about 500 left. Then these 500 behave "normally",
    open up until a few
    minutes later.
    Someone suggest tcpcookies, but I m sure my Linux
    doesn't have one (There is
    no such a file /proc/sys/net/ipv4/tcp_syncookie). Also
    I m sure it's not my
    attack code's problem (it's not difficult to generate
    syn packets with spoofed
    source address, right?) since I have used famous
    attacking tools such as
    neptune and syn4k but still get the same result.
    Does anyone has any idea? Thanks so much.

    浪漫鈴聲 情心連繫

  • Next message: whiplash: "Re: [despammed] Synflooding a Linux"

    Relevant Pages

    • Re: I want to legitimise my XP
      ... LOL! ... I don't consider pointing out the truth to be an attack of any kind. ... "If the installed Windows is not legitimate integrity suggests the OP ... wanting to victimize the victim a second time. ...
    • =?windows-1252?Q?=93Finding_Face=2C=94_a_new_documentary_detailing_the_?= =?windows-1252?Q?l
      ... Acid Attack Documentary Finds Audience ... victim, showed in the US on Sunday, moving Cambodian and American ... The film had moved some viewers to inquire with their congressmen in ...
    • Re: I want to legitimise my XP
      ... posts and website that you need to attack to make your point. ... If the OP bought what the seller did not have for sale, ... Nope, my integrity is an extension of my common sense, and that says you ... At least I don't want a victim to be victimized twice over the same ...
      ... >> First attack non stop, ... >> Wait for the victim to get angry. ... Mothers have sons and husbands too. ...
    • Lesbians Brutal Gang Rape Investigated in Calif.
      ... Detectives say the 28-year-old victim was attacked Dec. 13 after she got out of her car, which bore a rainbow gay pride sticker. ... The men, who ranged from their late teens to their 30s, made comments indicating they knew her sexual orientation, said Richmond police Lt. Mark Gagan. ... Authorities are characterizing the attack as a hate crime but declined to reveal why they think the woman was singled out because of her sexual orientation. ...