Re: how to check current backlog queue size(against synflood)

On Mon, May 12, 2003 at 01:58:39AM +0000, SB CH wrote:
> echo 512 > /proc/sys/net/ipv4/tcp_max_syn_backlog
> How can I check current backlog queue size? any command or program?

$ cat /proc/sys/net/ipv4/tcp_max_syn_backlog 1024

> What is the theory of the syncookies?

Dan Bernstein's website is perhaps a good starting point: http://cr.yp.to/syncookies.html

In short: make the sequence numbers 'cryptographically strong' to prevent spoofed syn+acks .. this way, the receiving end does not need to store state in state tables for simple syns -- when it receives a syn+ack, it can re-compute the math, and find that the "cookie" sequence number is legitimate. Of course, since sequence numbers are 32 bits long, there isn't much cryptographical security here, but TCP is rarely given that level of importance. (And IPSec/VPNs exist to help give TCP that level of reliability, and SSL/SSH exist to give individual sessions that level of reliability.)

I hope this helps

-- 
http://immunix.org/

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek