
Difference between revisions of "Syn-Cookies"

From NetSec
(Was complete bullshit. Fixing it with proper info.)
 
Line 1: Line 1:
Syn-cookies are a section inside of a SYN packet (see [[DDoS_Attacks#Three_way_handshake_and_Connect_State|three-way tcp handshake]]) that can cause a machine to keep a connection open or simply keep the socket threaded and wait for additional packets. Most administrators disable these with iptables on unix because of their affinity for making things more difficult during syn floods and [[DDoS Attacks]].
+
Syn-cookies is a counter-measure against SYN flood attacks (see: [[DDoS_Attacks#Three_way_handshake_and_Connect_State|three-way tcp handshake]]) that enables resilience against these by storing the necessary state informations of the 3-way-handshake into some TCP headers (the Options and Timestamp headers) instead of keeping it in the server's RAM. Since it is a hack over TCP, Syn-cookies are usually automatically enabled during SYN-flood attacks by the operating system's network stack.
 +
 
 +
To disable them on Linux, set net.ipv4.tcp_syncookies to 0 (or write 0 into /proc/sys/net/ipv4/tcp_syncookies)
 +
 
 +
Syn-Cookies protect servers from basic SYN flood attacks quite well.
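Review bot: the replacement paragraph says the handshake state is stored "into some TCP headers (the Options and Timestamp headers)" but never says how the server later recognises a legitimate returning ACK, so the reader cannot tell why this removes the need for per-connection RAM; one sentence on the verification step after the three-way-handshake link would make the claim checkable. Minor: "Syn-cookies is" should read "SYN cookies are", "state informations" is uncountable ("state information"), and the net.ipv4.tcp_syncookies line lacks its full stop.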

Latest revision as of 16:07, 28 September 2012

SYN cookies are a countermeasure against SYN flood attacks (see: three-way tcp handshake). They provide resilience by storing the state needed to complete the 3-way handshake in TCP headers (the Options and Timestamp headers) instead of keeping it in the server's RAM. Because they are a workaround layered on top of TCP, SYN cookies are usually enabled automatically by the operating system's network stack only while a SYN flood is under way.

To disable them on Linux, set net.ipv4.tcp_syncookies to 0 (or write 0 into /proc/sys/net/ipv4/tcp_syncookies).

SYN cookies protect servers from basic SYN flood attacks quite well.
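The article above describes SYN cookies as moving the handshake state out of the server's RAM and into the packets themselves. The classic design (D. J. Bernstein's, which encodes that state into the SYN-ACK's initial sequence number rather than the Options/Timestamp fields this page mentions) is small enough to show in full. The following Python is an added example written for this page, not code from the NetSec wiki or from any real TCP stack; the MSS table, the 64-second time slot, the maximum cookie age, the addresses and the secret are constructed values chosen for illustration.

```python
"""Stateless SYN cookie generation and verification (constructed example).

Bernstein's layout for the 32-bit initial sequence number of the SYN-ACK:
  top 5 bits  = time counter mod 32
  next 3 bits = index into a small MSS table
  low 24 bits = keyed hash over the connection 4-tuple and the counter
The server stores nothing per SYN; a valid ACK proves the client saw our
SYN-ACK, and the cookie itself carries the only state we need (the MSS).
"""
import hashlib
import hmac
import time

# Constructed MSS table for the example; real stacks use their own tables.
MSS_TABLE = (536, 1300, 1440, 1460)
SLOT_SECONDS = 64       # one time-counter tick per 64 s (constructed)
MAX_COOKIE_AGE = 4      # accept cookies up to 4 ticks old (constructed)


def time_counter(now=None):
    """Coarse time counter; a cookie is only valid for a few ticks."""
    return int(time.time() if now is None else now) // SLOT_SECONDS


def _mss_index(client_mss):
    """Largest table entry not exceeding the MSS the client announced."""
    idx = 0
    for i, mss in enumerate(MSS_TABLE):
        if mss <= client_mss:
            idx = i
    return idx


def _hash24(secret, saddr, sport, daddr, dport, t):
    """Keyed 24-bit MAC binding the cookie to the 4-tuple and the counter."""
    msg = f"{saddr}:{sport}>{daddr}:{dport}@{t}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(secret, saddr, sport, daddr, dport, client_mss, t=None):
    """Build the SYN-ACK sequence number for an incoming SYN; nothing is stored."""
    if t is None:
        t = time_counter()
    return ((t & 0x1F) << 27) | (_mss_index(client_mss) << 24) \
        | _hash24(secret, saddr, sport, daddr, dport, t)


def check_syn_cookie(secret, saddr, sport, daddr, dport, ack_num, now_t=None):
    """Verify the ACK that completes the handshake.

    Returns the MSS recovered from the cookie, or None if the cookie is forged,
    belongs to a different 4-tuple, or is too old. Only the secret and the
    clock are consulted; there is no table of pending SYNs to look up.
    """
    if now_t is None:
        now_t = time_counter()
    cookie = (ack_num - 1) & 0xFFFFFFFF      # the ACK acknowledges our ISN + 1
    t_low = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    mac = cookie & 0xFFFFFF
    # Recover the full counter: the recent tick whose low 5 bits match, then
    # recompute the MAC over that tick in constant time.
    for age in range(MAX_COOKIE_AGE + 1):
        t = now_t - age
        if (t & 0x1F) == t_low and hmac.compare_digest(
                mac.to_bytes(3, "big"),
                _hash24(secret, saddr, sport, daddr, dport, t).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None


if __name__ == "__main__":
    secret = b"constructed-example-secret"   # a real stack rotates this key
    tup = ("198.51.100.7", 40000, "203.0.113.5", 80)   # constructed 4-tuple
    t0 = 1000
    isn = make_syn_cookie(secret, *tup, client_mss=1460, t=t0)
    print(f"SYN-ACK seq = {isn:#010x}")
    print("valid ACK  :", check_syn_cookie(secret, *tup, isn + 1, now_t=t0 + 2))
    print("wrong port :", check_syn_cookie(secret, tup[0], 40001, tup[2], tup[3],
                                           isn + 1, now_t=t0))
    print("tampered   :", check_syn_cookie(secret, *tup, (isn ^ 1) + 1, now_t=t0))
    print("stale      :", check_syn_cookie(secret, *tup, isn + 1, now_t=t0 + 40))
```

The point to take from running it is the verifier's signature: it receives only the 4-tuple and the ACK number from the wire, plus the secret and the clock, and still decides whether a handshake was genuinely started. That is what lets a flooded server drop every half-open entry from its backlog without losing real clients, which is the resilience the article describes.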