fromage

On SYN cookies

Hi there

I'm gonna briefly talk about syn cookies. What they are and how they mitigate syn flood attacks.

SYN flood attack

A SYN flood attack is a DDoS performed using TCP SYN flags. It violates the TCP three-way handshake (SYN, SYN-ACK, ACK).

The attacker initiates a connection using a SYN flag but does not acknowledge the server for it (no ACK from the attacker). The attacker can also spoof the source IP in the SYN packet so the SYN-ACK is sent from the server to the spoofed IP address.

The thing is, resources are allocated on the server side to track half connections. These allocations may exceed the server's resources, leading it to crash or at least to fail to accept new clients (DDoS).

SYN cookie

SYN cookies are a way to prevent SYN flood attacks (among many others, see RFC 4987). Implementing a cookie using the TCP sequence allows the network to be used as memory storage for the syncookie. This avoids allocating resources for the SYN queue on the server side. e.g.

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

If the client responds with the ACK (syncookie+1), the server will be able to reconstruct the connection context based on the syncookie value.

tl;dr: SYN queue entries are offloaded to the network as a SYN cookie, preserving server resources

See:

- tcp syn flooding attacks and common mitigations

Edited by fromage
  • Like 1
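
Added example, not part of the original post and not any kernel's code: a stateless SYN cookie that packs a 5-bit time counter, a 3-bit MSS index and a 24-bit keyed hash into the 32-bit sequence number, then rebuilds the context from the ACK (cookie+1). The bit layout, `SECRET`, `MSS_TABLE`, the HMAC-SHA256 hash and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"     # assumption: secret chosen by the server
MSS_TABLE = [536, 1300, 1440, 1460]  # assumption: index must fit in 3 bits
PERIOD = 64                          # seconds per time-counter tick
MAX_AGE = 2                          # accept cookies up to this many ticks old


def _mac24(src, sport, dst, dport, tick, idx):
    """24-bit keyed hash binding the cookie to one 4-tuple, tick and MSS index."""
    msg = f"{src}|{sport}|{dst}|{dport}|{tick}|{idx}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_mss, now):
    """Sequence number for the SYN-ACK; nothing is stored for the connection."""
    tick = int(now) // PERIOD
    # Largest table entry not above the client's MSS (smallest entry otherwise).
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(src, sport, dst, dport, tick, idx)
    return ((tick % 32) << 27) | (idx << 24) | mac


def check_ack(src, sport, dst, dport, ack_num, now):
    """Validate the final ACK (cookie + 1). Returns the encoded MSS or None."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    now_tick = int(now) // PERIOD
    for age in range(MAX_AGE + 1):
        tick = now_tick - age
        if tick < 0 or tick % 32 != cookie >> 27:
            continue
        expected = _mac24(src, sport, dst, dport, tick, idx)
        if hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[idx]
    return None


if __name__ == "__main__":
    # Constructed sample connection using documentation address ranges.
    conn = ("198.51.100.7", 40000, "192.0.2.1", 443)
    c = make_cookie(*conn, client_mss=1460, now=1_000_000)
    print(hex(c), check_ack(*conn, (c + 1) & 0xFFFFFFFF, now=1_000_030))
```

An ACK that arrives after the time window, from a different 4-tuple, or with altered MSS bits fails the check, so the server only allocates connection state once the handshake has completed.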


Nice tutorial! 


More satisfying explanations of SYN cookies in this thread: https://security.stackexchange.com/questions/20904/using-syn-cookies-to-perform-a-dos-attack

According to https://etherealmind.com/tcp-syn-cookies-ddos-defence/, this technique may be "a bad idea. The CPU requirement to deliver the mathematics for the function calculation is beyond the capacity of x86 servers".

Here is how to activate SYN cookies on a Linux machine: https://www.cyberciti.biz/faq/enable-tcp-syn-cookie-protection/
