On Fri, Nov 10, 2000 at 06:50:59PM +0100, A.N.Kuznetsov wrote:
> Hello!
>
> > the firewall happens to be doing the handshaking on all incoming TCP
> > connections, been the victim of several TCP/SYN flood attacks. maybe
> > this is where it flakes? the firewall intercepts the client SYN, sends
> > the SYN/ACK, waits for the client ACK. if it gets the ACK it's supposed
> > to open up a new connection to the server.
>
> I heard that such beasts exist, but believed that it is rather a joke.
> Hmm... not a joke, indeed. A bad joke, to be more exact. 8)
>
> Apparently, it tries to relay options received in the server's SYN-ACK.
> It is too late to drink mineral water when the kidneys are dilapidated. 8)8)
And someone posted a patch to let Linux do that on l-k a few weeks ago ...
(actually using syncookies so it at least didn't mangle any options)
-Andi
--
This is like TV. I don't like TV.
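
The option problem discussed in this mail, as an added example (not part of the original message and not the l-k patch it mentions): a handshake-terminating firewall must put TCP options in its SYN/ACK before it has seen the server's SYN-ACK, so anything it promised that the server later contradicts can no longer be relayed. `SynOptions`, `proxy_synack` and `mismatches` are hypothetical names, the model is simplified, and all values are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass(frozen=True)
class SynOptions:
    """Options that TCP negotiates only in SYN segments (simplified model)."""
    mss: int                       # largest segment this side accepts
    wscale: Optional[int] = None   # window scale shift, None = option absent
    sack_ok: bool = False          # SACK-permitted
    timestamps: bool = False

def proxy_synack(client_syn: SynOptions, policy: SynOptions) -> SynOptions:
    """SYN/ACK the firewall sends to the client before contacting the server.
    Scale, SACK and timestamps may only be echoed if the client offered them."""
    return SynOptions(
        mss=policy.mss,
        wscale=policy.wscale if client_syn.wscale is not None else None,
        sack_ok=policy.sack_ok and client_syn.sack_ok,
        timestamps=policy.timestamps and client_syn.timestamps,
    )

def mismatches(promised: SynOptions, server: SynOptions) -> Dict[str, str]:
    """Promises already made to the client that the server's SYN-ACK contradicts."""
    bad: Dict[str, str] = {}
    if server.mss < promised.mss:
        bad["mss"] = f"client may send {promised.mss}-byte segments, server accepts {server.mss}"
    if promised.wscale != server.wscale:
        bad["wscale"] = f"window field scaled by {promised.wscale} on one leg, {server.wscale} on the other"
    if promised.sack_ok and not server.sack_ok:
        bad["sack"] = "client may send SACK blocks the server never agreed to"
    if promised.timestamps and not server.timestamps:
        bad["timestamps"] = "client will send timestamps the server never agreed to"
    return bad

# Constructed sample handshake.
CLIENT_SYN = SynOptions(mss=1460, wscale=7, sack_ok=True, timestamps=True)
SERVER_SYNACK = SynOptions(mss=536, wscale=None, sack_ok=False, timestamps=True)
# Two constructed firewall policies: mirror everything vs. promise a small MSS only.
MIRROR_ALL = SynOptions(mss=1460, wscale=7, sack_ok=True, timestamps=True)
MSS_ONLY = SynOptions(mss=536)

if __name__ == "__main__":
    for name, policy in (("mirror-all", MIRROR_ALL), ("mss-only", MSS_ONLY)):
        promised = proxy_synack(CLIENT_SYN, policy)
        print(name, promised)
        for opt, why in mismatches(promised, SERVER_SYNACK).items():
            print(f"  {opt}: {why}")
```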