Re: test SYN cookies (was Re: SYN cookies security bugfix?)

Ed L Cashin (ecashin@terry.uga.edu)
11 Nov 2001 00:17:30 -0500


Thank you much for the reply.

Alan Cox <alan@lxorguk.ukuu.org.uk> writes:

> > Is there anyone who has any evidence that SYN cookies do anything in
> > kernel 2.2.x? If so, how did you get that evidence, because I would
> > like to reproduce it.
>
> They work fine for me in 2.2.19/2.2.20.

That was reassuring enough that I persisted and found that the problem
was this: my home-spun SYN-flooder wasn't changing the TCP sequence
number, and so the "victim" was discarding the packets.

The three-second pause I observed previously was a red herring that
went away when I started using separate hosts for flooding and
connection-testing.

Now I see a night-and-day difference between with and without SYN
cookies (although when tcp_max_syn_backlog is set to more than a five
it takes a long time to fill the queue).

Thanks again.

-- 
--Ed Cashin                   PGP public key:
  ecashin@terry.uga.edu       http://www.terry.uga.edu/~ecashin/pgp/

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/