[clug] DDOS using SYN cookies.

Daniel Pittman daniel at rimspace.net
Wed Oct 1 23:47:59 GMT 2008

Sunnz <sunnzy at gmail.com> writes:

> http://it.slashdot.org/it/08/10/01/0127245.shtml
> Looks pretty serious, "there are no known mitigation" technique... now
> I don't completely understand this myself, I know that TCP initiates
> with a 3-way handshake, but never knew a SYN cookie is used to avoid
> DDOS attack... but now SYN cookies are used to do a DDOS?!

Given how many of the advanced features of TCP they disable, syncookies
are not all that good for you to start with, these days.

> What do you think?

Until they release details, this could be anything from a couple of IP
stack bugs through to a fundamental flaw in a protocol designed when
security was not a glimmer of an issue.

It is unlikely to cause the end of anything, not least because you can
*always* DoS things, and because whatever vulnerabilities it exploits
will be mitigated, somehow.


