Re: SYN flood protection not working?

Pedro Roque (roque@di.fc.ul.pt)
Tue, 19 Nov 1996 23:37:45 GMT


>>>>> "Ricardo" == Ricardo Kleemann <ricardo@americasnet.com> writes:

Ricardo> Is there a patch to apply? How do I protect my 2.0.x
Ricardo> kernel from SYN floods?

You can. See http://www.uk.linux.org/ (NetNews, I believe).

>> I'm using kernel 2.1.10... I tried syn flooding my telnet
>> port, and it still froze up, sending it as few as 10
>> packets/second. It would seem to me that real syns are being
>> dropped along with fake syns. How does the syn flood
>> protection work? Are the oldest un-acked syns being dropped? It
>> doesn't seem like this to me, because most real connections
>> coming in fail.

Answering the original poster:

The 2.1 kernel still doesn't include syn flooding protection.
The code introduced in 2.1 till now, regarding the receipt of connection
requests, is meant to reduce the cost of a pending connection request
both in memory and processing (timers) requirements. This code was somewhat
buggy in the earlier releases but I hope it will finally be fixed in 2.1.12.

As the memory requirements for a syn-recv socket went down from 1k to ~ 60 bytes
we hope that it will be ok to increase the socket queue by one order of
magnitude. Note that this doesn't solve the syn flooding problem per se.
It only makes it harder for the attacker and easier for us to add protection
mechanisms like random early drop.

./Pedro.
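An added simulation, written for this page and not code from the thread or from the Linux kernel, of the queueing behaviour Pedro describes: a fixed-capacity queue of half-open (SYN-RECV) entries, filled by SYNs that are never ACKed, and two ways of handling a full queue. Tail drop refuses the newcomer; random early drop evicts a random pending entry to make room, which is the simplified reading of "random early drop" assumed here. The capacities, timeout, arrival rates and the PRNG are all constructed parameters; the point is to see why a queue one order of magnitude larger raises the attacker's required packet rate but does not by itself protect real clients, while random early drop lets most real handshakes complete even when the queue is permanently full.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed model of a SYN-RECV queue (assumptions, not kernel code):
 * spoofed SYNs are never ACKed and occupy a slot until TIMEOUT ticks pass;
 * a real client ACKs RTT ticks after its SYN, completing the handshake. */
#define MAX_BACKLOG 1024
#define TIMEOUT 10
#define RTT 1

enum policy { TAIL_DROP, RANDOM_EARLY_DROP };

struct pending {
    int in_use;
    int legit;        /* 1 = real client, 0 = spoofed SYN that never ACKs */
    int expires_at;   /* tick at which the half-open entry times out */
    int acks_at;      /* tick at which a real client's ACK arrives */
};

struct stats { int legit_offered, legit_completed, legit_dropped; };

static uint32_t prng_state;
static uint32_t prng_next(void) {           /* tiny LCG so runs are reproducible */
    prng_state = prng_state * 1103515245u + 12345u;
    return (prng_state >> 16) & 0x7fffu;
}

static int find_free(const struct pending *q, int cap) {
    for (int i = 0; i < cap; i++) if (!q[i].in_use) return i;
    return -1;
}

/* Insert one SYN into the queue under the given full-queue policy. */
static void admit(struct pending *q, int cap, enum policy p, int legit, int now, struct stats *st) {
    int slot = find_free(q, cap);
    if (slot < 0) {
        if (p == TAIL_DROP) {               /* queue full: the newcomer is lost */
            if (legit) st->legit_dropped++;
            return;
        }
        slot = (int)(prng_next() % (uint32_t)cap);   /* evict a random pending entry */
        if (q[slot].legit) st->legit_dropped++;
    }
    q[slot].in_use = 1;
    q[slot].legit = legit;
    q[slot].expires_at = now + TIMEOUT;
    q[slot].acks_at = now + RTT;
}

/* Run `ticks` rounds: completions/timeouts first, then the flood, then real clients. */
struct stats simulate(enum policy p, int cap, int flood_per_tick, int legit_per_tick, int ticks) {
    struct pending q[MAX_BACKLOG];
    struct stats st = {0, 0, 0};
    if (cap > MAX_BACKLOG) cap = MAX_BACKLOG;
    memset(q, 0, sizeof q);
    prng_state = 12345u;
    for (int now = 0; now < ticks; now++) {
        for (int i = 0; i < cap; i++) {
            if (!q[i].in_use) continue;
            if (q[i].legit && q[i].acks_at == now) { st.legit_completed++; q[i].in_use = 0; }
            else if (q[i].expires_at <= now) q[i].in_use = 0;
        }
        for (int i = 0; i < flood_per_tick; i++) admit(q, cap, p, 0, now, &st);
        for (int i = 0; i < legit_per_tick; i++) { st.legit_offered++; admit(q, cap, p, 1, now, &st); }
    }
    return st;
}

static void report(const char *label, struct stats s) {
    printf("%-42s offered=%d completed=%d dropped=%d\n", label, s.legit_offered, s.legit_completed, s.legit_dropped);
}

int main(void) {
    report("no flood, tail drop, backlog 32",        simulate(TAIL_DROP, 32, 0, 4, 50));
    report("flood 64/tick, tail drop, backlog 32",   simulate(TAIL_DROP, 32, 64, 4, 50));
    report("flood 64/tick, tail drop, backlog 1024", simulate(TAIL_DROP, 1024, 64, 4, 50));
    report("flood 200/tick, tail drop, backlog 1024", simulate(TAIL_DROP, 1024, 200, 4, 50));
    report("flood 64/tick, random drop, backlog 32", simulate(RANDOM_EARLY_DROP, 32, 64, 4, 50));
    report("flood 200/tick, random drop, backlog 1024", simulate(RANDOM_EARLY_DROP, 1024, 200, 4, 50));
    return 0;
}
```

With tail drop and a backlog of 32, a flood of 64 SYNs per tick keeps the queue full from the first tick and no real client ever gets in. Growing the backlog to 1024 absorbs that same flood completely (at most 640 spoofed entries are pending at once), but a flood of 200 per tick fills the larger queue by tick 5 and from then on every real SYN is refused: the bigger queue only raised the rate the attacker needs. Under random early drop a real client's entry can be evicted only by SYNs arriving between its own SYN and its ACK, so the large majority of real handshakes complete even while the queue stays full.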