TCP syncookies vulnerability
I've read this information on the web about tcp_syncookies:
-----------------------------------------------------------
3) Another vulnerability was discovered by Manfred Spraul and
reported to Andi Kleen from SuSE. If syncookies are enabled and being
sent by the kernel (during a synflood attack, for example), a remote
attacker could initiate connections to ports protected by simple
firewall rules such as the ones only filtering SYN packets. Because
of the syncookies, the remote attacker doesn't have to send SYN
packets to initiate the connection, only ACK ones, *but* with the
correct magic cookie. In order to find the correct cookie, an
attacker has to explore about 16 million values (2^24), which can be
done in a few hours on a fast link.
Use the following command to check if syncookies are enabled on your
system:
sysctl net.ipv4.tcp_syncookies
A return value of "1" indicates that syncookies are enabled. To
disable syncookies, execute the following as root:
sysctl -w net.ipv4.tcp_syncookies=0
------------------------------------------------------
So is it true or not?
My question is still the same:
is tcp_syncookies reliable?
Thank you
SAM
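Added example (not part of SAM's post or the quoted advisory): a defender-side check that reads the same sysctl the quote names together with the TcpExt counters in /proc/net/netstat, and reports whether syncookies are enabled and whether the kernel is actually emitting them right now, which is the precondition for the ACK-only connection path the advisory describes. Sample netstat text and the function names are constructed for this example.

```python
# Added example (not from the thread): report whether Linux SYN cookies are
# enabled and whether the kernel is emitting them right now, which is the
# condition the quoted advisory needs for its ACK-only connection path.
# Reads the sysctl named in the quote plus TcpExt counters from
# /proc/net/netstat; the sample text below is constructed.
from typing import Dict


def parse_tcp_ext(netstat_text: str) -> Dict[str, int]:
    """Parse the TcpExt header line and value line of /proc/net/netstat."""
    lines = [l for l in netstat_text.splitlines() if l.startswith("TcpExt:")]
    if len(lines) != 2:
        raise ValueError("expected a TcpExt header line and a value line")
    names, values = lines[0].split()[1:], lines[1].split()[1:]
    if len(names) != len(values):
        raise ValueError("TcpExt header/value length mismatch")
    return dict(zip(names, map(int, values)))


def syncookie_status(sysctl_line: str, before: str, after: str) -> Dict[str, object]:
    """Combine net.ipv4.tcp_syncookies with deltas of two netstat snapshots."""
    enabled = sysctl_line.split("=")[-1].strip() != "0"   # 1 and 2 both enable
    b, a = parse_tcp_ext(before), parse_tcp_ext(after)
    delta = {k: a[k] - b[k] for k in ("SyncookiesSent", "SyncookiesRecv", "SyncookiesFailed")}
    checked = delta["SyncookiesRecv"] + delta["SyncookiesFailed"]
    return {
        "enabled": enabled,
        **delta,
        # With tcp_syncookies=1 the kernel only sends cookies once the SYN
        # backlog overflows (mode 2 always sends them), so a positive
        # SyncookiesSent delta means cookie-carrying ACKs are currently
        # being accepted without a prior SYN having been seen.
        "cookies_active": enabled and delta["SyncookiesSent"] > 0,
        # Failed validations dominating accepted ones is the thing to alert on.
        "failed_ratio": delta["SyncookiesFailed"] / checked if checked else 0.0,
    }


# Constructed snapshots in /proc/net/netstat layout (real files have more columns).
SAMPLE_BEFORE = ("TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts\n"
                 "TcpExt: 100 40 10 5\n")
SAMPLE_AFTER = ("TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts\n"
                "TcpExt: 5100 52 2010 5\n")

if __name__ == "__main__":
    # On a live host, feed `sysctl net.ipv4.tcp_syncookies` output and two
    # reads of /proc/net/netstat taken a few seconds apart.
    print(syncookie_status("net.ipv4.tcp_syncookies = 1", SAMPLE_BEFORE, SAMPLE_AFTER))
```

A firewall rule that matches only SYN packets gives no protection while cookies_active is true, which is exactly the case the quoted advisory warns about; a stateful rule set does not share that gap.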