Hardening the TCP/IP stack to SYN attacks
Operating system: Linux RedHat
RedHat, like other Linux operating systems, has implemented a SYN cookies mechanism which can be enabled in the following way:
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
On vdserver this apparently is not a problem
mobbi:~# iptables -L -v -n | wc -l
348
Like spam, these attacks manage to be a nuisance now and then. As with bullying, we probably buckle under the load at times, and then document things and fend them off.
How to detect a SYN attack
It is very simple to detect SYN attacks. The netstat command shows us how many connections are currently in the half-open state. The half-open state is described as SYN_RECEIVED in Windows and as SYN_RECV in Unix systems.
# netstat -n -p TCP
We can also count how many half-open connections are in the backlog queue at the moment. In the example below, 769 connections (for TELNET) in the SYN RECEIVED state are kept in the backlog queue.
# netstat -n -p TCP | grep SYN_RECV | grep :23 | wc -l
769
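Added example (not from the original page): the same count done per local port with awk, which avoids the overcount that `grep :23` produces when `:23` appears in a foreign address or inside a port such as 2323. The function names, the threshold and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count half-open TCP connections per local port.
# Function names, threshold and sample data are assumptions for illustration.

# Constructed sample of `netstat -n` output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:23           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:23           198.51.100.8:51515      SYN_RECV
tcp        0      0 192.0.2.10:23           203.0.113.9:1025        SYN_RECV
tcp        0      0 192.0.2.10:23           203.0.113.20:33000      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:23          SYN_RECV
tcp        0      0 192.0.2.10:2323         203.0.113.6:40000       SYN_RECV
EOF
}

# Reads netstat lines on stdin, prints "<local port> <half-open count>" per port.
half_open_by_port() {
    awk '
    {
        # Find the state column, so a trailing PID/Program column does not matter.
        # Linux prints SYN_RECV, Windows prints SYN_RECEIVED.
        for (i = 3; i <= NF; i++)
            if ($i == "SYN_RECV" || $i == "SYN_RECEIVED") {
                # The local address is two columns before the state.
                n = split($(i - 2), parts, ":")
                count[parts[n]]++   # text after the last ":" is the port
                break
            }
    }
    END { for (p in count) print p, count[p] }' | sort -n
}

# Prints the local ports whose half-open count exceeds the limit given as $1.
flooded_ports() {
    half_open_by_port | awk -v limit="$1" '$2 > limit { print $1 }'
}

# Stand-alone run on the sample: the grep pipeline from the page counts 5 here,
# while only 3 half-open connections actually target local port 23.
sample_netstat | half_open_by_port
sample_netstat | flooded_ports 2
```

On a live host, pipe `netstat -n` into `half_open_by_port` instead of the sample.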
Delicious/macdet/tcp
bookmarks tagged tcp by macdet
http://www.delicious.com/macdet/tcp
tonymacx86 Forum • View topic - Ethernet Performance issues
Wed, 09 Nov 2011 21:53:47 +0000
On one machine, you open an iperf server (can be Windows, Linux or another Mac)
Code:
Martin-Kous-MacBook-Pro:~ martinkou$ iperf -s
------------------------------------------------------------
http://www.tonymacx86.com/viewtopic.php?f=19&t=7277&start=0&hilit=nfs
TCP Performance problems caused by interaction between Nagle's Algorithm and Delayed ACK
Wed, 09 Nov 2011 19:25:25 +0000
This page describes a TCP performance problem resulting from a little-known interaction between Nagle's Algorithm and Delayed ACK. At least, I believe it's not well known: I haven't seen it documented elsewhere, yet in the course of my career at Apple I have run into the performance problem it causes over and over again (the first time being in the PPCToolbox over TCP code I wrote myself back in 1999), so I think it's about time it was documented.
http://www.stuartcheshire.org/papers/NagleDelayedAck/
Network scans: Attack on corporate networks: a hacker's daily routine
Fri, 02 Jan 2009 13:29:20 +0000
To establish a logical connection in IP-based networks, the TCP protocol is used. With a 3-way handshake, it ensures that all components involved in the data transfer and the communication partners are informed about the existence of a connection and its transmission parameters.
http://www.tomshardware.com/de/angriff-auf-firmennetzwerke-hackeralltag,testberichte-1185-2.html
Mac OS X Shellcode
Thu, 21 Aug 2008 18:32:52 +0000
osx_ppc_bind Src Gen
Mac OS X (PPC) 224 bytes
This payload listens on a TCP port and waits for a connection. Once the connection has been established it executes /bin/sh with standard I/O redirected to the client TCP connection.
http://www.metasploit.com/shellcode/mac_os_x/
OpenWRT - Ggl's wiki
Mon, 03 Mar 2008 17:23:07 +0000
root@(none):~# mkdir /tmp/wrt
root@(none):~# mount -o rw /dev/mtdblock/4 /tmp/wrt
root@(none):~# tar zcvf wrt-backup.tar.gz wrt/*
To transfer the tarball to another host, use netcat. Start a listening netcat on port 4444 on 192.168.1.10, for example.
http://www.stacksegment.net/wiki/index.php/OpenWRT
Remote OS Detection using TCP/IP Fingerprinting (2nd Generation)
Tue, 09 Oct 2007 01:20:35 +0000
Table of Contents
Introduction
Reasons for OS Detection
Determining vulnerability of target hosts
Tailoring exploits
Network inventory and support
http://insecure.org/nmap/osdetect/
Heroine Virtual: XMovie
Tue, 09 Oct 2007 01:21:07 +0000
Super fast throughput over cheap ethernet.
One day while waiting 3 hours for a movie to transfer you stared teary eyed at some dual ethernet ports and wondered if they could be somehow combined for ultra high speed file transfers.
FIREHOSE gives you
http://heroinewarrior.com/firehose.php3
Digital Genesis Technologies - PHREL
Tue, 09 Oct 2007 01:21:12 +0000
PHREL is a Per Host RatE Limiter written in C to efficiently track the rate of incoming traffic on a per host basis and insert a chain into iptables when a configured threshold is crossed. The inserted chain may either rate limit or completely block the
http://www.digitalgenesis.com/software/phrel/
These are my bookmarks!
-- DetlevLengsfeld 2007-03-03 06:54:16
Tags: tcp | synflooding | ipspoofing | Attacks | linux | attack | network
Linux/Internet/TCP-SYN-Flooding-and-IP-Spoofing-Attacks (last modified 2008-11-04 07:00:06)