
Syn-Cookies

From NetSec

Syn-cookies are a counter-measure against SYN flood attacks (see: three-way TCP handshake). They provide resilience against these attacks by storing the necessary state information of the 3-way handshake in some TCP headers (the Options and Timestamp headers) instead of keeping it in the server's RAM. Since the technique is a hack over TCP, the operating system's network stack usually enables Syn-cookies automatically during SYN-flood attacks.

To disable them on Linux, set net.ipv4.tcp_syncookies to 0 (or write 0 into /proc/sys/net/ipv4/tcp_syncookies).

Syn-Cookies protect servers from basic SYN flood attacks quite well.
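
To check how a Linux host is configured and whether it has actually been issuing cookies, the sysctl value can be read together with the SyncookiesSent, SyncookiesRecv and SyncookiesFailed counters in /proc/net/netstat. The script below is an added example, not part of the original page; its function names are hypothetical and the sample counter values are constructed.

```shell
#!/bin/sh
# Added example: report SYN-cookie mode and activity on a Linux host.

# Map a net.ipv4.tcp_syncookies value to its meaning (kernel ip-sysctl docs).
syncookies_mode() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "on-overflow" ;;  # cookies sent only when the SYN backlog overflows
        2) echo "always" ;;       # cookies sent unconditionally
        *) echo "unknown" ;;
    esac
}

# Print one TcpExt counter from /proc/net/netstat-format text on stdin.
# The format is a "TcpExt:" line of names followed by a "TcpExt:" line of values.
tcpext_counter() {  # $1 = counter name
    awk -v want="$1" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "TcpExt:" && seen  { if (want in col) print $(col[want]); exit }
    '
}

# Constructed sample in /proc/net/netstat layout (cut down to four counters).
sample_netstat() {
    printf '%s\n' \
        'TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts' \
        'TcpExt: 1200 35 7 2' \
        'IpExt: InNoRoutes InTruncatedPkts' \
        'IpExt: 0 0'
}

# One-line summary: cookie counters plus the configured mode.
report() {  # $1 = tcp_syncookies value; netstat-format text on stdin
    data=$(cat)
    for c in SyncookiesSent SyncookiesRecv SyncookiesFailed; do
        printf '%s=%s ' "$c" "$(printf '%s\n' "$data" | tcpext_counter "$c")"
    done
    printf 'mode=%s\n' "$(syncookies_mode "$1")"
}

# Use the live host when the files are readable, else the constructed sample.
if [ -r /proc/sys/net/ipv4/tcp_syncookies ] && [ -r /proc/net/netstat ]; then
    report "$(cat /proc/sys/net/ipv4/tcp_syncookies)" < /proc/net/netstat
else
    sample_netstat | report 1
fi
```

A SyncookiesSent counter that keeps rising while the mode is on-overflow means the listen backlog is overflowing and the stack has fallen back to cookies.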