> Now the question: Are syncookies exactly that without need for an
> extra firewall? Are they only destination-port and not
> source-ip-address specific? As a conclusion, will linux server stay
> alive when others starve due to too high load, therefore beeing
> resistant against those attacks?
Syn cookies will basically cut the effect of a synflood to a load test. That
means your attacker has two possibilities left. The first is to directly
flood you with so much traffic your link is jammed, the second is to attack
by making millions of real connections via a distributed denial of service
type attack
If the attacker has sufficient resources both can succeed. All we (and anyone
else) can do is to make the job harder for them. A synflood is a kiddies trick
with a modem. Co-ordinating a large DDoS does require some effort and is likely
to lose you the compromised hosts after the attack.
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jun 10 2000 - 15:39:39 EDT