I've read on the web this information about tcp_syncookies:

-----------------------------------------------------------
3) Another vulnerability was discovered by Manfred Spraul and reported to Andi Kleen from SuSe. If syncookies are enabled and being sent by the kernel (during a synflood attack, for example), a remote attacker could initiate connections to ports protected by simple firewall rules such as the ones only filtering SYN packets. Because of the syncookies, the remote attacker doesn't have to send SYN packets to initiate the connection, only ACK ones, *but* with the correct magic cookie. In order to find the correct cookie, an attacker has to explore about 16 million values (2^24), which can be done in a few hours on a fast link.

Use the following command to check if syncookies are enabled on your system:

    sysctl net.ipv4.tcp_syncookies

A return value of "1" indicates that syncookies are enabled. To disable syncookies, execute the following as root:

    sysctl -w net.ipv4.tcp_syncookies=0
------------------------------------------------------
So is it true or not? My question is still the same: is tcp_syncookies reliable?

Thank you
SAM
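
An audit for the firewall pattern the quoted advisory describes, as an added example that is not part of the original post: it scans iptables-save style text for TCP ports whose only blocking rule matches SYN packets. The rule set below is constructed sample data, and the function names are hypothetical.

```python
import shlex

# Constructed iptables-save output (sample data, not from the original post).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3306 --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A INPUT -p tcp -m tcp --dport 6000 --syn -j REJECT
-A INPUT -p tcp -m tcp --dport 6000 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
BLOCK = {"DROP", "REJECT"}

def parse_rule(line):
    """Return (chain, dport, syn_only, target) for a TCP '-A' rule, else None."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A" or "!" in tok:
        return None  # negated matches are not analysed here
    def opt(name):
        return tok[tok.index(name) + 1] if name in tok[:-1] else None
    if opt("-p") != "tcp":
        return None
    i = tok.index("--tcp-flags") if "--tcp-flags" in tok else None
    # '--tcp-flags MASK SYN' is how iptables-save prints '--syn'
    syn_only = "--syn" in tok or (i is not None and tok[i + 2 : i + 3] == ["SYN"])
    return tok[1], opt("--dport"), syn_only, opt("-j")

def syn_only_ports(ruleset):
    """(chain, port) pairs blocked for SYN only, so a bare ACK passes the filter."""
    policy, syn_blocked, fully_blocked = {}, set(), set()
    for line in ruleset.splitlines():
        if line.startswith(":"):  # chain policy line, e.g. ':INPUT ACCEPT [0:0]'
            chain, pol = line[1:].split()[:2]
            policy[chain] = pol
            continue
        rule = parse_rule(line)
        if rule is None or rule[3] not in BLOCK:
            continue
        chain, dport, syn_only, _ = rule
        (syn_blocked if syn_only else fully_blocked).add((chain, dport))
    exposed = [
        (c, p) for c, p in syn_blocked
        if policy.get(c) != "DROP" and not {(c, p), (c, None)} & fully_blocked
    ]
    return sorted(exposed, key=lambda cp: (cp[0], cp[1] or ""))

if __name__ == "__main__":
    for chain, port in syn_only_ports(SAMPLE_RULES):
        print(f"{chain} port {port}: only SYN is blocked, other TCP segments pass")
```

A port reported here depends on the SYN-only rule alone; a flag-independent DROP for the port or a default DROP policy on the chain removes it from the result.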

