Here is a message from nntp://news.grc.com/news.feedback

Somebody with good knowledge of the Linux SYN-Cookies should
probably drop by and discuss the matter...

Regards
    Joerg


Subject: A *significant* dilemma . . .
Date: Mon, 25 Sep 2000 13:15:59 -0700
From: Steve Gibson <[EMAIL PROTECTED]>
Organization: Gibson Research Corporation
Newsgroups: news.feedback

Gang,

I'm in a BIG dilemma ... and I think some opinions and discussion 
would be in order.

While detailing exactly why my system is different and superior to 
what's been done before ... I was thinking through the LINUX SYN 
Cookie approach and I *cracked* its security -- completely.

I can IP spoof flood -- and probably crash -- any (presumably LINUX) 
kernel that's relying upon SYN Cookies for its "protection" since it 
would be a connection-establishing ACK flood which is much more 
dangerous than a fake handshake SYN flood.

So, the dilemma is what to do about that knowledge and information.

You know that I'd LOVE to explain exactly how and why SYN Cookies can 
be crumbled. It would -- once and for all -- silence those who claim 
that I have nothing new to offer.  But wouldn't doing so be extremely 
irresponsible since -- if Torinak's correct -- LINUX servers are 
currently being "protected" by this insecure system?  And since 
cracking a SYN Cookie protected server is MUCH more damaging than SYN 
flooding?

And if I declare that I've cracked SYN Cookies *without* explaining 
how, won't people just claim that I haven't??

What do you guys think???

(By the way, if you hadn't already figured it out, SYN Cookies are a 
REALLY BAD idea!  They are *WORSE* than using nothing, since when 
cracked (which is NOT difficult) they allow direct access to 
connection establishment, completely bypassing handshaking.)

-- 
_________________________________________________________________
Steve Gibson,            at work on: < http://grc.com/np/np.htm >



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
