SYN cookies
http://cr.yp.to/syncookies.html
Citat:
What are SYN cookies?
SYN cookies are particular choices of initial TCP sequence numbers by TCP servers. The difference between the server's initial sequence number and the client's initial sequence number is
top 5 bits: t mod 32, where t is a 32-bit time counter that increases every 64 seconds;
next 3 bits: an encoding of an MSS selected by the server in response to the client's MSS;
bottom 24 bits: a server-selected secret function of the client IP address and port number, the server IP address and port number, and t.
This choice of sequence number complies with the basic TCP requirement that sequence numbers increase slowly; the server's initial sequence number increases slightly faster than the client's initial sequence number.
A server that uses SYN cookies doesn't have to drop connections when its SYN queue fills up. Instead it sends back a SYN+ACK, exactly as if the SYN queue had been larger. (Exceptions: the server must reject TCP options such as large windows, and it must use one of the eight MSS values that it can encode.) When the server receives an ACK, it checks that the secret function works for a recent value of t, and then rebuilds the SYN queue entry from the encoded MSS.
A SYN flood is simply a series of SYN packets from forged IP addresses. The IP addresses are chosen randomly and don't provide any hint of where the attacker is. The SYN flood keeps the server's SYN queue full. Normally this would force the server to drop connections. A server that uses SYN cookies, however, will continue operating normally. The biggest effect of the SYN flood is to disable large windows.
A o SYN cacheu probaj nešto saznati sa sljedećeg linka:
http://people.freebsd.org/~jlemon/papers/syncache.pdf
Knowledge is power.
SYN kesh i SYN kukiji, kako funkcionishu?
Registrovani: 2 ( misamilanovic, bojanum )