
TCP syncookies vulnerability



I've read this information on the web about tcp_syncookies:
-----------------------------------------------------------
3) Another vulnerability was discovered by Manfred Spraul and
 reported to Andi Kleen from SuSe. If syncookies are enabled and being
 sent by the kernel (during a synflood attack, for example), a remote
 attacker could initiate connections to ports protected by simple
 firewall rules such as the ones only filtering SYN packets. Because
 of the syncookies, the remote attacker doesn't have to send SYN
 packets to initiate the connection, only ACK ones, *but* with the
 correct magic cookie. In order to find the correct cookie, an
 attacker has to explore about 16 million values (2^24), which can be
 done in a few hours on a fast link.
 Use the following command to check if syncookies are enabled on your
 system:
 
 sysctl net.ipv4.tcp_syncookies
 
 A return value of "1" indicates that syncookies are enabled. To
 disable syncookies, execute the following as root:
 
 sysctl -w net.ipv4.tcp_syncookies=0 
------------------------------------------------------

So, is it true or not?

My question is still the same:
is tcp_syncookies reliable?

Thank you,
SAM
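Added example, not part of the original post or of the quoted advisory: a small POSIX sh script that turns the check the advisory gives (`sysctl net.ipv4.tcp_syncookies`) into something a defender can run in an audit. It parses the line sysctl prints and reports whether a firewall rule that matches only SYN packets can still be relied on. The sample lines are constructed; the meaning of value 2 (always send cookies) comes from later kernels and is an assumption beyond the quoted text.

```shell
#!/bin/sh
# Added example (not from the original post): interpret the value of
# net.ipv4.tcp_syncookies as printed by sysctl and flag the consequence
# the quoted advisory describes: while cookies are being sent, a firewall
# rule that filters only SYN packets does not prevent new connections.

# Classify one line of sysctl output, e.g. "net.ipv4.tcp_syncookies = 1".
# Prints "disabled", "on-overflow", "always" or "unknown".
syncookie_state() {
    value=$(printf '%s\n' "$1" | sed -n 's/^net\.ipv4\.tcp_syncookies *= *\([0-9]*\).*/\1/p')
    case "$value" in
        0) echo "disabled" ;;      # kernel never answers with a cookie
        1) echo "on-overflow" ;;   # cookies sent once the SYN backlog overflows
        2) echo "always" ;;        # assumption: value 2 exists on newer kernels only
        *) echo "unknown" ;;
    esac
}

# Returns 0 when a SYN-only filter rule is sufficient on this host,
# 1 when cookies may be sent and such a rule can be bypassed.
syn_filter_sufficient() {
    case "$(syncookie_state "$1")" in
        disabled) return 0 ;;
        *)        return 1 ;;
    esac
}

# Report one sysctl line in human-readable form.
report_line() {
    state=$(syncookie_state "$1")
    if syn_filter_sufficient "$1"; then
        echo "syncookies $state: SYN-only firewall rules are sufficient"
    else
        echo "syncookies $state: do not rely on SYN-only firewall rules"
    fi
}

# Constructed sample lines standing in for real sysctl output.
for sample in "net.ipv4.tcp_syncookies = 0" "net.ipv4.tcp_syncookies = 1"; do
    report_line "$sample"
done

# Live check on a Linux host (skipped silently where sysctl is absent):
if live=$(sysctl net.ipv4.tcp_syncookies 2>/dev/null); then
    report_line "$live"
fi
```

The script only reads the setting; whether to leave cookies enabled is the trade-off the thread is about (protection against SYN floods versus the firewall bypass the advisory describes), and the script makes that state visible rather than deciding it.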



-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org