Difference between revisions of "Syn-Cookies"
From NetSec
TriciaNoonan (Talk | contribs) |
Gonzalo58T (Talk | contribs) (Was complete bullshit. Fixing it with proper info.) |
||
(2 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
− | Syn-cookies | + | Syn-cookies is a counter-measure against SYN flood attacks (see: [[DDoS_Attacks#Three_way_handshake_and_Connect_State|three-way tcp handshake]]) that enables resilience against these by storing the necessary state informations of the 3-way-handshake into some TCP headers (the Options and Timestamp headers) instead of keeping it in the server's RAM. Since it is a hack over TCP, Syn-cookies are usually automatically enabled during SYN-flood attacks by the operating system's network stack. |
− | + | ||
+ | To disable them on Linux, set net.ipv4.tcp_syncookies to 0 (or write 0 into /proc/sys/net/ipv4/tcp_syncookies) | ||
+ | |||
+ | Syn-Cookies protect servers from basic SYN flood attacks quite well. |
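Review bot: the added line "To disable them on Linux, set net.ipv4.tcp_syncookies to 0 ..." documents only the value that turns the feature off. A reader who lands here during a flood needs the opposite, so state which value enables it, and end the sentence with a period. In the new opening paragraph, "state informations" should read "state information" and "tcp handshake" should be "TCP handshake"; "Syn-cookies" and "Syn-Cookies" are also capitalized two different ways across the added lines.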
Latest revision as of 16:07, 28 September 2012
Syn-cookies are a counter-measure against SYN flood attacks (see: three-way TCP handshake). They provide resilience against these attacks by storing the necessary state information of the 3-way handshake in some TCP headers (the Options and Timestamp headers) instead of keeping it in the server's RAM. Because it is a hack on top of TCP, Syn-cookies are usually enabled automatically by the operating system's network stack during SYN flood attacks.
To disable them on Linux, set net.ipv4.tcp_syncookies to 0 (or write 0 into /proc/sys/net/ipv4/tcp_syncookies).
Syn-Cookies protect servers from basic SYN flood attacks quite well.
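An added example, not part of the original article: a shell check that reports the tcp_syncookies setting named above together with the kernel's SYN-cookie counters from /proc/net/netstat. The function names and the sample data are constructed for illustration; SyncookiesSent, SyncookiesRecv and SyncookiesFailed are the kernel's own TcpExt counter names.

```shell
#!/bin/sh
# Added example: audit the SYN-cookie setting and counters on a Linux host.

# Describe a tcp_syncookies value (meanings per the kernel's ip-sysctl docs).
describe_syncookies() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "sent when the SYN backlog overflows" ;;
        2) echo "sent unconditionally" ;;
        *) echo "unknown" ;;
    esac
}

# Read /proc/net/netstat-format text on stdin and print one TcpExt counter.
# The file holds a "TcpExt:" header line of names, then a line of values.
tcpext_counter() {
    awk -v want="$1" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "TcpExt:" && seen  { if (want in col) print $(col[want]); exit }
    '
}

# Constructed sample in /proc/net/netstat format (not taken from a real host).
sample_netstat() {
    cat <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts
TcpExt: 1520 37 1204 0
EOF
}

# Print the setting and the three cookie counters.
# $1 and $2 override the /proc paths so the report can be run on saved copies.
syncookie_report() {
    setting_file="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    netstat_file="${2:-/proc/net/netstat}"
    value=$(cat "$setting_file")
    echo "tcp_syncookies=$value ($(describe_syncookies "$value"))"
    for name in SyncookiesSent SyncookiesRecv SyncookiesFailed; do
        echo "$name=$(tcpext_counter "$name" < "$netstat_file")"
    done
}
```

Run `syncookie_report` with no arguments on a Linux host. A SyncookiesSent value that keeps rising between runs means the SYN backlog is overflowing and the stack has fallen back to cookies.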