Comments on: TCP SYN Cookies – DDoS Defence http://etherealmind.com/tcp-syn-cookies-ddos-defence/ Network design, architecture, thinking, working. Tech. Wed, 23 May 2012 23:00:00 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: iptables: appropriate limits? http://etherealmind.com/tcp-syn-cookies-ddos-defence/#comment-514 iptables: appropriate limits? Sat, 02 Jul 2011 12:07:17 +0000 http://etherealmind.com/?p=618#comment-514 [...] one's resources are depleted. That tread also turned me onto SYN cookies (mmm...cookies). Via an article about such, I discovered SYN cache, elaborated upon by Wesley Eddy. It turns out, however, that SYN [...] [...] one's resources are depleted. That tread also turned me onto SYN cookies (mmm…cookies). Via an article about such, I discovered SYN cache, elaborated upon by Wesley Eddy. It turns out, however, that SYN [...]

]]> By: Webscopia http://etherealmind.com/tcp-syn-cookies-ddos-defence/#comment-513 Webscopia Tue, 17 Aug 2010 20:17:44 +0000 http://etherealmind.com/?p=618#comment-513 Does FreeBSD with PF enabled - is that able to totally block Syn Attacks by proxying them 100%? Does FreeBSD with PF enabled – is that able to totally block Syn Attacks by proxying them 100%?

]]> By: Show 6 – Chewing on DDOS ó Packet Pushers http://etherealmind.com/tcp-syn-cookies-ddos-defence/#comment-512 Show 6 – Chewing on DDOS ó Packet Pushers Wed, 14 Jul 2010 07:50:36 +0000 http://etherealmind.com/?p=618#comment-512 [...] EtherealMind – TCP Syn Cookies as DDOS defence [...] [...] EtherealMind – TCP Syn Cookies as DDOS defence [...]

]]> By: Greg Ferro http://etherealmind.com/tcp-syn-cookies-ddos-defence/#comment-511 Greg Ferro Wed, 10 Feb 2010 07:20:59 +0000 http://etherealmind.com/?p=618#comment-511 The loads they discuss here aren't really significant. Typically, I'm designing for archictectures that have around 500K to 1 million concurrent HTTP session. Syn cookies are not implemented on the servers since the code complexity reduces system reliability and are handled at the network layer. Also, Linux sysadmins don't typically have networking skills that comprehend TCP SYN floods. That said, it's usually the network person securing against a SYN Flood and not the server team. Therefore handling SYN floods at the network is far more common. YMMV. Note: At loads of 1 million concurrent sessions, you wouldn't be using an IOS router but dedicated device. The loads they discuss here aren’t really significant. Typically, I’m designing for archictectures that have around 500K to 1 million concurrent HTTP session. Syn cookies are not implemented on the servers since the code complexity reduces system reliability and are handled at the network layer. Also, Linux sysadmins don’t typically have networking skills that comprehend TCP SYN floods.

That said, it’s usually the network person securing against a SYN Flood and not the server team. Therefore handling SYN floods at the network is far more common. YMMV.

Note: At loads of 1 million concurrent sessions, you wouldn’t be using an IOS router but dedicated device.

]]> By: Thomas Jones http://etherealmind.com/tcp-syn-cookies-ddos-defence/#comment-510 Thomas Jones Wed, 10 Feb 2010 02:02:11 +0000 http://etherealmind.com/?p=618#comment-510 see here: http://lwn.net/Articles/277146/ Syncookies take a system from serving nothing (due to syn flood) to almost as much as it does under no flood. Also syn cookies impose no extra cost unless the system is actually under attack or very heavy load (ie it would have just dropped the connection) see here:

http://lwn.net/Articles/277146/

Syncookies take a system from serving nothing (due to syn flood) to almost as much as it does under no flood.

Also syn cookies impose no extra cost unless the system is actually under attack or very heavy load (ie it would have just dropped the connection)

]]> By: Thomas Jones http://etherealmind.com/tcp-syn-cookies-ddos-defence/#comment-509 Thomas Jones Wed, 10 Feb 2010 01:59:36 +0000 http://etherealmind.com/?p=618#comment-509 What's this about syn cookies being too computationally expensive? That's just rubbish What’s this about syn cookies being too computationally expensive? That’s just rubbish

]]> By: TCP: drop open request from .. | Mats Lindh http://etherealmind.com/tcp-syn-cookies-ddos-defence/#comment-508 TCP: drop open request from .. | Mats Lindh Fri, 08 Jan 2010 10:03:15 +0000 http://etherealmind.com/?p=618#comment-508 [...] turning on TCP SYN Cookies while the attack is taking place is probably the best idea (as enabling TCP SYN Cookies will disable most high performance TCP options, you’ll want to disable it after the attack has subsided [...] [...] turning on TCP SYN Cookies while the attack is taking place is probably the best idea (as enabling TCP SYN Cookies will disable most high performance TCP options, you’ll want to disable it after the attack has subsided [...]

]]> By: Arturo Servin http://etherealmind.com/tcp-syn-cookies-ddos-defence/#comment-507 Arturo Servin Fri, 12 Sep 2008 12:43:28 +0000 http://etherealmind.com/?p=618#comment-507 Excellent post and very good references. I am doing my research on DoS and DDoS and this will be very helpful. Thanks, -as Excellent post and very good references. I am doing my research on DoS and DDoS and this will be very helpful.

Thanks,
-as

]]>