search for: syncookies

Displaying 17 results from an estimated 17 matches for "syncookies".

2015 May 04
1
syncookies.c
Default,syncookies are activate when syn list(backlog queue) is full. I want hybrid system. I propose a system , syncookies active dynamic per connection . where will I write code , where syncookies system does call in the code file.
2003 Apr 14
2
(OT) rfc1948 question
...d that SYN-ACK generation was moved to tcp_syncache.c I did not managed to find any rfc1948 related info in CVS log for this file. Maybe I just missed it. Then I just looked into my copy of tcp_syncache.c and found that: ;------------------Begin clipboard---------------------------- if (tcp_syncookies) sc->sc_iss = syncookie_generate(sc); else sc->sc_iss = arc4random(); ;--------------------End clipboard---------------------------- Is it the place where synack iss is generated? If yes, then why net.inet.tcp.syncookies sysctl is turned on by default?...
2002 Apr 16
0
FreeBSD Security Advisory FreeBSD-SA-02:20.syncache
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:20 Security Advisory FreeBSD, Inc. Topic: syncache/syncookies denial of service Category: core Module: net Announced: 2002-04-16 Credits: Alan Judge <Alan.Judge@eircom.net> Dima Ruban <dima@FreeBSD.org> Affects: FreeBSD 4.5-RELEASE FreeBSD 4.4-STABLE after 2001-12-14 19:53:01 UTC...
2015 May 12
1
New approach syncookies help me
Hello Everyone, I have 2 different suggestions about syn-cookies method which is used to block syn-flood attacks. Syn cookies bitwise image --------------------------------------------- T(5 bits) ---MSS(3 bits)-----H(24 bits) --------------------------------------------- So, 1- T value can be decreased to 2 bit which is already 5 bit.And hash value will be 27 bit. 2-Normally syn-cookies is
2003 May 19
5
FreeBSD firewall block syn flood attack
Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net
2001 Nov 06
0
Security Update: [CSSA-2001-38.0] Linux - syncookies firewall breaking problem
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Linux - syncookies firewall breaking problem Advisory number: CSSA-2001-038.0 Issue date: 2001, November 05 Cross reference: ______________________________________________________________________________ 1. Problem Description The Linux kernel implements a method called 'syn cookies' to avoid deni...
2004 Feb 13
3
SYN Attacks - how i cant stop it
Hi, I got this error when i tried to type for some of those. "sysctl: unknown oid...." any idea.. my server seems to be very lagged, where else the network connection seems fine, i think BSD itself as my other redhat box is fine. What else can i do to get optimum protection. Thanks. ----- Original Message ----- From: "Per Engelbrecht" <per@xterm.dk> To:
2001 Nov 02
0
[RHSA-2001:142-15] kernel 2.2 and 2.4: syncookie vulnerability
...ity Advisory ID: RHSA-2001:142-15 Issue date: 2001-10-26 Updated on: 2001-11-02 Product: Red Hat Linux Keywords: syncookie security kernel Cross references: Obsoletes: --------------------------------------------------------------------- 1. Topic: Syncookies are used to protect a system against certain Denial Of Service (DOS) attacks. A flaw in this mechanism has been found which can be used to circumvent certain types of firewall configurations. Note: syncookies are not enabled in the default installation of Red Hat Linux but many server administrato...
2013 Aug 23
1
Setting Up LVS to Load Balance DNS
Greetings, all: OS: CentOS 6.4 x86_64 Kernel: 2.6.32-358.14.1 I could use some assistance with setting up pulse to load balance my dns servers. I've configured tcp and udp port 53 with the piranha gui, set up arptable rules on the real servers and added the virtual ip to the bond0 interface on the real servers, but I'm still having no luck in getting things going. A dig against the
2007 Apr 18
1
[Bridge] [BUG/PATCH/RFC] bridge: locally generated broadcast traffic may block sender
...S 2005-01-19 15:09:22.000000000 +0100 +++ b/CREDITS 2006-07-04 16:36:47.000000000 +0200 @@ -1599,6 +1599,13 @@ S: D-64295 S: Germany +N: Bernd Kischnick +E: kisch@gmx.li +D: the odd kernel fix +S: Alemannstr 11 +S: 30165 Hannover +S: Germany + N: Andi Kleen E: ak@muc.de D: network hacker, syncookies diff -urN a/net/bridge/br_device.c b/net/bridge/br_device.c --- a/net/bridge/br_device.c 2002-02-25 20:38:14.000000000 +0100 +++ b/net/bridge/br_device.c 2006-07-04 17:11:20.000000000 +0200 @@ -57,6 +57,7 @@ skb_pull(skb, ETH_HLEN); if (dest[0] & 1) { + skb_...
1997 Feb 28
0
forwarded from BoS: Linux anti-SYN flooding patch
I have just finished a patch to linux 2.0.29 that provides the SYN cookies protection against SYN flood attacks. You can grab it from my home page at: http://www.dna.lth.se/~erics/software/tcp-syncookies-patch-1.gz You can also follow the pointers from my home page (see the signature) to get a very short blurb about this patch. Quick synopsys: This implements the SYN cookie defense against SYN flooding. This implementation is a full bells and whistles version of the defense worked out by myself a...
2004 May 29
1
problem with 2.4.26 debian+vpn+qos+netfilter
hi i am running Debian/GNU Linux with 2.4.26 kernel and radius server my kernel conf looks like this <*> Packet socket [ ] Packet socket: mmapped IO < > Netlink device emulation [*] Network packet filtering (replaces ipchains) [*] Network packet filtering debugging [ ] Socket Filtering <*> Unix domain sockets [*] TCP/IP networking [*] IP: multicasting [*] IP: advanced
2013 Sep 05
0
windows guest network kept down automatically when several windows guest running in one KVM host,
...f.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Disable netfilter on bridges. # Controls the default maxmimum size of a mesage queue kernel.msgmnb = 65536 # Controls the maximum size of a message, in bytes kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736...
2004 Apr 06
4
SYN attacks
Heya, FREEBSD 4.9-STABLE Is there anyway to block SYN attacks and prevent it from bring down my server? Its been attacking for sometime.
2002 May 05
16
More on qdiscs
I notice one other small problem with my modified version of SFQ. The fact that packets can be dropped at dequeue time is incompatible with the way HTB (and probably CBQ and others modeled on it) keep statistics. When I fill a low rate queue causing packets to expire and be dropped at dequeue I get interesting statistics like this: This is my variant of SFQ qdisc plfq 8016: dev eth1 ... Sent
2006 Apr 12
1
powerd not behaving with an Asus A8V-MX and Athlon 64 X2 3800+
....inet.tcp.pcbcount: 4 net.inet.tcp.icmp_may_rst: 1 net.inet.tcp.isn_reseed_interval: 0 net.inet.tcp.inflight.enable: 1 net.inet.tcp.inflight.debug: 0 net.inet.tcp.inflight.rttthresh: 10 net.inet.tcp.inflight.min: 6144 net.inet.tcp.inflight.max: 1073725440 net.inet.tcp.inflight.stab: 20 net.inet.tcp.syncookies: 1 net.inet.tcp.syncache.bucketlimit: 30 net.inet.tcp.syncache.cachelimit: 15359 net.inet.tcp.syncache.count: 0 net.inet.tcp.syncache.hashsize: 512 net.inet.tcp.syncache.rexmtlimit: 3 net.inet.tcp.msl: 30000 net.inet.tcp.rexmit_min: 3 net.inet.tcp.rexmit_slop: 200 net.inet.tcp.always_keepalive: 1 n...
2009 Jul 22
109
Unable to Configure Xen Dom 0 in Jeremy''s PVOPS Kernel
Hi All, I followed the instructions here at http://bderzhavets.wordpress.com/2009/06/10/setup-fedora-11-pv-domu-at-xen-3-4-1-dom0-kernel-2-6-30-rc6-tip-on-top-of-fedora-11/ However, when I do a "make menuconfig", I cannot see any XEN related configuration options. What am I missing? Thank you. Mr. Teo En Ming Dip(Mechatronics Engineering) BEng(Hons)(Mechanical Engineering)