[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Tcp Syncookies vulnarability

i've read on the web these informations about tcp_syncookies:
3) Another vulnerability was discovered by Manfred Spraul and
 reported to Andi Kleen from SuSe. If syncookies are enabled and being
 sent by the kernel (during a synflood attack, for example), a remote
 attacker could initiate connections to ports protected by simple
 firewall rules such as the ones only filtering SYN packets. Because
 of the syncookies, the remote attacker doesn't have to send SYN
 packets to initiate the connection, only ACK ones, *but* with the
 correct magic cookie. In order to find the correct cookie, an
 attacker has to explore about 16 million values (2^24), which can be
 done in a few hours on a fast link.
 Use the following command to check if syncookies are enabled on your
 sysctl net.ipv4.tcp_syncookies
 A return value of "1" indicates that syncookies are enabled. To
 disable syncookies, execute the following as root:
 sysctl -w net.ipv4.tcp_syncookies=0 

so is it true or not ?

my question is still the same:
is tcp_syncookies reliable ?

thank you

To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: