本文探讨了FreeBSD系统如何通过syncache和syncookie两种机制来抵御SYN洪水攻击。即使关闭syncookie功能,系统似乎仍然使用该机制进行防御。
Yesterday, I have a test on FreeBSD 6 with synflooding. FreeBSD behaved very well but strange.
Though net.inet.tcp.syncookies is on by default, I set it to zero to disable syncookie, it seems that the FreeBSD was still using syncookie. I don't know if it's the normal operation. I'll do some dig into the source to see what will happen when set the MIB to 0.
After all, you should enable device polling before any other operations.
Though net.inet.tcp.syncookies is on by default, I set it to zero to disable syncookie, it seems that the FreeBSD was still using syncookie. I don't know if it's the normal operation. I'll do some dig into the source to see what will happen when set the MIB to 0.
After all, you should enable device polling before any other operations.
I've explored the source code. FreeBSD has implemented two mechanisms in the kernel, one is syncache, the other is syncookie. If you tuned syncookie on, the kernel will firstly find the matching entry in the syncache when received ACK packets, if no matching entry found, the kernel will do a check on the returned SN. If you turned the syncookie off, you will probably sufferring from the synflood (D)?DOS attack
扫一扫
874
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
