North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SYN floods (was: does history repeat itself?)
On Mon, 9 Sep 1996, Vektor Sigma wrote: > On my private network I can send 600 or more SYN packets to my telnet port > (w/faked, unreachable source addresses + random seq numbers), yet the > port doesn't seem to be flooded. > > It's a linux box. > > The telnet daemon seems to be able to tell the difference between a faked > packet and a real one. Even when spoofing from localhost, it reports a > connection from unknown. > > Obviously, there seems to be a solution to this problem. ?? I'd like to see this. First of all, the telnet daemon never sees the SYN. The SYN is responded to by the kernel (with a SYN/ACK). [email protected]:ttyp6 (Linux) ~/code >./syn ./syn srchost dsthost port num [email protected]:ttyp6 (Linux) ~/code >./syn 1.2.3.4 boom.net 23 10 synflooding boom.net from 1.2.3.4 port 23 10 times Now to try to connect to it... [email protected]:~ >telnet boom.net Trying 134.24.7.153 ... telnet: connect: Connection timed out telnet> And why? [email protected]:ttyp6 (Linux) ~ >netstat -tn | grep 1.2.3.4 tcp 0 1 134.24.7.153:23 1.2.3.4:59914 SYN_RECV root tcp 0 1 134.24.7.153:23 1.2.3.4:60170 SYN_RECV root tcp 0 1 134.24.7.153:23 1.2.3.4:60426 SYN_RECV root tcp 0 1 134.24.7.153:23 1.2.3.4:60682 SYN_RECV root tcp 0 1 134.24.7.153:23 1.2.3.4:60938 SYN_RECV root tcp 0 1 134.24.7.153:23 1.2.3.4:61194 SYN_RECV root tcp 0 1 134.24.7.153:23 1.2.3.4:61706 SYN_RECV root tcp 0 1 134.24.7.153:23 1.2.3.4:61962 SYN_RECV root tcp 0 1 134.24.7.153:23 1.2.3.4:62218 SYN_RECV root [email protected]:ttyp6 (Linux) ~ >uname -a Linux BOOM.NET 2.0.0 #5 Sun Sep 1 21:34:31 PDT 1996 i486 Looks like Linux can only queue 9 SYN's... -Taner -=-=-=-=-=-=-=-=-=-=-=-=[ D. Taner Halicioglu ]=-=-=-=-=-=-=-=-=-=-=-=- [email protected] -=- [email protected] -=- [email protected] IRC Admin: irc.cerf.net -=- U. of California, San Diego, Computer Sci. [email protected] -=- Cisco Systems -=- Enterprise Network Management -=-=-=-=-=-=[ Linux 2.0.* OS -- http://www.sdsc.edu/~taner/ ]=-=-=-=-=- - - - - - - - - - - - - - - - - -
|