Syn cookies
SYN Flood is a very dangerous and common DoS attack method in network environments built on IPv4-based network protocols. So far, there are not many effective methods to prevent SYN Flood attacks, and SYN Cookie is one of the most famous. Various implementations are available in many operating systems. This article introduces the principles of SYN Flood attacks and of SYN cookies respectively. More importantly, it introduces how SYN cookies are implemented in the Linux kernel. Finally, this article provides an idea for enhancing the SYN Cookie function in Linux.

SYN Flood attack is a typical Denial of Service (DoS) attack. A denial-of-service attack is one in which the victim host or network is prevented from providing good service, thereby indirectly achieving the attacker's purpose.

SYN Flood attacks exploit the three-way handshake process of TCP over IPv4. As is well known, the protocol stipulates that if one end wants to initiate a TCP connection to the other end, it first sends a TCP SYN packet; the other end sends a TCP SYN+ACK packet back after receiving it; the initiator then sends a TCP ACK packet back, and the three-way handshake is complete. The initiator of the TCP connection is called the "TCP Client", and the receiver of the TCP connection is called the "TCP Server". It is worth noting that when the TCP server receives the TCP SYN request packet, before sending the TCP SYN+ACK packet back to the TCP client, the TCP server must first allocate a data zone dedicated to serving the upcoming TCP connection. Generally, the connection state in which the SYN packet has been received but the ACK packet has not yet arrived is called a half-open connection.

In the most common SYN Flood attack, an attacker sends a large number of TCP SYN packets to the victim in a short time. In this case, the attacker is a TCP client and the victim is a TCP server. According to the above description, the victim allocates a specific data zone for each TCP SYN packet, as long as these SYN packets have different source addresses (which is easy for attackers to forge). This places a great burden on the TCP server system, and eventually the system will not work properly.

SYN Cookie is a method that modifies the three-way handshake on the TCP server to prevent SYN Flood attacks. The principle is that when the TCP server receives the TCP SYN packet and returns the TCP SYN+ACK packet, instead of allocating a dedicated data zone it calculates a cookie value based on the SYN packet. When it receives the TCP ACK packet, the TCP server checks the validity of the ACK packet based on the cookie value. If valid, it then allocates the dedicated data area to process the TCP connection. From the above introduction, we can see that the principle of SYN Cookie is relatively simple. In practical applications, there are multiple implementation methods.

SYN Cookie implementation in Linux Kernel

SYN Flood is well protected in the Linux kernel.
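As an added illustration (not code from this article or from the Linux kernel), the following Python sketch shows the stateless scheme described above: the SYN+ACK's initial sequence number carries a keyed MAC over the connection 4-tuple, a coarse time slot and an encoded MSS, so the server stores nothing for a half-open connection and only allocates state once an ACK carrying a valid cookie arrives. The secret key, the 64-second slot size, the MSS table and the addresses are constructed assumptions.

```python
import hmac
import hashlib
import struct

# Constructed demo values: a real implementation uses per-boot random keys.
SECRET = b"constructed-demo-secret-key"
MSS_TABLE = (536, 1300, 1440, 1460)  # MSS values encodable in 2 bits
SLOT = 64                             # seconds per time slot (6-bit counter)


def _mac(saddr, sport, daddr, dport, client_isn, count):
    """24-bit keyed MAC over the 4-tuple, the client's ISN and the time slot."""
    msg = struct.pack("!4sH4sHII", saddr, sport, daddr, dport, client_isn, count)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(saddr, sport, daddr, dport, client_isn, mss, now):
    """Server ISN for the SYN+ACK: 6-bit slot | 2-bit MSS index | 24-bit MAC.
    Nothing is stored; the SYN packet itself is the only input."""
    count = (now // SLOT) & 0x3F
    mss_idx = max([i for i, m in enumerate(MSS_TABLE) if m <= mss] or [0])
    mac = _mac(saddr, sport, daddr, dport, client_isn, count)
    return (count << 26) | (mss_idx << 24) | mac


def check_ack(saddr, sport, daddr, dport, seq, ack, now):
    """Validate the handshake's final ACK using only the packet's own fields.
    Returns the MSS to use for the new connection, or None if the ACK is bogus."""
    cookie = (ack - 1) & 0xFFFFFFFF      # the client acknowledges our ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the client's seq is its own ISN + 1
    count = cookie >> 26
    age = (((now // SLOT) & 0x3F) - count) & 0x3F
    if age > 1:                          # cookie issued more than two slots ago
        return None
    if _mac(saddr, sport, daddr, dport, client_isn, count) != cookie & 0xFFFFFF:
        return None
    return MSS_TABLE[(cookie >> 24) & 3]


if __name__ == "__main__":
    cli, srv = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])  # constructed
    isn = 0x11223344
    cookie = make_cookie(cli, 40000, srv, 80, isn, 1460, now=1000)
    # A legitimate client completes the handshake: seq = isn+1, ack = cookie+1.
    print(check_ack(cli, 40000, srv, 80, isn + 1, cookie + 1, now=1010))  # 1460
    # A forged source never received the SYN+ACK, so its ACK cannot match.
    print(check_ack(cli, 40001, srv, 80, isn + 1, cookie + 1, now=1010))  # None
```

Because the cookie is bound to the time slot, a replayed ACK is rejected once the slot counter has moved on, and the MAC check rejects any ACK whose 4-tuple or sequence numbers do not match what the SYN+ACK was issued for.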
