On Thu, 11 May 2000, Michael Vincent K. Pozon - CompE wrote:
>
> why not do this :
>
> echo 1 > /proc/sys/net/ipv4/tcp_syncookies
>
what does that do?
>
>
>
> On Wed, 10 May 2000, Armistead, Jason wrote:
>
> > Atif
> >
> > It doesn't matter about ACL rules. The SYN attack takes place BEFORE the
> > TCP/IP connection is actually established and the connection gets handed
> > over to Squid.
> >
> > i.e. Proxy TCP/IP stack gets a SYN, sends an ACK to the client, waits for
> > another ACK back from the client and then the connection is established, at
> > which time the connection is passed to Squid for handling.
> >
> > If there is no ACK back from the client, the proxy will retry sending its
> > ACK several times (with progressively longer timeouts each time to allow for
> > possible slow links) before failing the connection, but in this time it is
> > wasting a connection and tying up all the related network resources (mainly
> > RAM) on the proxy. This is what a SYN flood denial of service attack
> > relies on, tying up TCP/IP resources so no-one else can access the server.
> >
> > Only after establishment can Squid do anything about the connection with
> > ACLs, and even then I think it only issues the DENY when a URL is actually
> > requested (I may be wrong, but I had a very quick look at the source code
> > for where aclCheck is called from and it looked this way to me ...).
> >
> > Jason
> >
> >
> > -----Original Message-----
> > From: S M A [mailto:s_m_a_9@yahoo.com]
> > Sent: Thursday, 11 May 2000 13:17
> > To: Samir; squid-users@ircache.net
> > Subject: Re: WARNING
> >
> >
> > Dear,
> >
> > protect Your proxy from all the World attacks....
> >
> > I think you have allow all world to use your proxy.
> >
> > Make acl rule to deny all as immediate as possible.
> >
> > From,
> >
> > Atif
> > --- Samir <samirfarooq@sat.net.pk> wrote:
> > > WARNING: High TCP connect timeout rate! System (p
> > > ort 8080) may be under a SYN flood attack!
> > >
> > > can any one explain ????
> > > thanx for reply in advance :)
> > >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Send instant messages & get email alerts with Yahoo! Messenger.
> > http://im.yahoo.com/
> >
>
> --
> m i c h a e l v i n c e n t p o z o n
> :: mikevince@engineer.com ::
> ---------------------------------------------------------------
> HPS Software & Communication Corp. ICQ : 1413343
> Pilipino Internet Cebu office : (+63)(32) 3447847
> Systems/Network Administrator home : (+63)(32) 3446427
> CCNA,CCDA - - - - - - - - - - - - cell : (+63) 917-3276966
> - - - - - - - - - - - - - - - - - http://mikevince.tripod.com
>
> ... i'm a man , and i can change ,
> if i really have to , i guess ...
>
>
Received on Thu May 11 2000 - 02:05:18 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:27 MST