RE: WARNING

From: Michael Vincent K. Pozon - CompE <vince@dont-contact.us>
Date: Thu, 11 May 2000 14:13:37 +0800 (PHT)

why not do this:

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

On Wed, 10 May 2000, Armistead, Jason wrote:

> Atif
>
> It doesn't matter about ACL rules. The SYN attack takes place BEFORE the
> TCP/IP connection is actually established and the connection gets handed
> over to Squid.
>
> i.e. Proxy TCP/IP stack gets a SYN, sends an ACK to the client, waits for
> another ACK back from the client and then the connection is established, at
> which time the connection is passed to Squid for handling.
>
> If there is no ACK back from the client, the proxy will retry sending its
> ACK several times (with progressively longer timeouts each time to allow for
> possible slow links) before failing the connection, but in this time it is
> wasting a connection and tying up all the related network resources (mainly
> RAM) on the proxy. This is what a SYN flood denial of service attack
> relies on, tying up TCP/IP resources so no-one else can access the server.
>
> Only after establishment can Squid do anything about the connection with
> ACLs, and even then I think it only issues the DENY when a URL is actually
> requested (I may be wrong, but I had a very quick look at the source code
> for where aclCheck is called from and it looked this way to me ...).
>
> Jason
>
>
> -----Original Message-----
> From: S M A [mailto:s_m_a_9@yahoo.com]
> Sent: Thursday, 11 May 2000 13:17
> To: Samir; squid-users@ircache.net
> Subject: Re: WARNING
>
>
> Dear,
>
> Protect your proxy from all the world's attacks...
>
> I think you have allowed all the world to use your proxy.
>
> Make an ACL rule to deny all as immediately as possible.
>
> From,
>
> Atif
> --- Samir <samirfarooq@sat.net.pk> wrote:
> > WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
> >
> > Can anyone explain????
> > Thanks for replying in advance :)
> >
>
>
>

--
m  i  c  h  a  e  l   v  i  n  c  e  n  t   p  o  z  o  n
             ::  mikevince@engineer.com  ::
---------------------------------------------------------------
HPS Software & Communication Corp.     ICQ : 1413343
Pilipino Internet Cebu              office : (+63)(32) 3447847
Systems/Network Administrator       home   : (+63)(32) 3446427
CCNA,CCDA  - -  - - - - - - - - - - cell   : (+63) 917-3276966
 - - - - - - - - - - - - - - - - -  http://mikevince.tripod.com
... i'm a man , and i can change ,
    if i really have to , i guess ...
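A simplified SYN-cookie scheme, added here to show why the tcp_syncookies knob answers Jason's description: the server keeps no half-open entry between the SYN and the client's ACK, so a flood of SYNs that are never acknowledged ties up no RAM. This is example code, not from the thread or the Linux kernel; the field layout, MSS classes, counter width and addresses are assumptions.

```python
import hashlib
import hmac
import os

# Simplified SYN cookies in the spirit of tcp_syncookies. NOT the Linux
# kernel's exact encoding; field widths and MSS classes are assumptions.
SECRET = os.urandom(16)          # per-boot secret, constructed here
MSS_CLASSES = [536, 1460, 8960]  # assumed MSS classes; index kept in low 3 bits
COUNTER_BITS = 5                 # low bits of a slowly ticking counter (e.g. minutes)

def _mac(saddr, daddr, sport, dport, count):
    """Keyed hash over the 4-tuple and the counter: the unforgeable part (24 bits)."""
    msg = f"{saddr}|{daddr}|{sport}|{dport}|{count}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(saddr, daddr, sport, dport, mss, count):
    """ISN to send in the SYN-ACK. No half-open state is stored: everything
    needed to finish the handshake later is packed into these 32 bits."""
    mss_idx = max(i for i, m in enumerate(MSS_CLASSES) if m <= mss)
    mac24 = _mac(saddr, daddr, sport, dport, count)
    return (mac24 << 8) | ((count & ((1 << COUNTER_BITS) - 1)) << 3) | mss_idx

def check_cookie(saddr, daddr, sport, dport, ack, now_count):
    """Validate the third-handshake ACK. Returns the negotiated MSS, or None if
    the cookie is forged, for another 4-tuple, or older than one counter tick."""
    isn = (ack - 1) & 0xFFFFFFFF
    mac24, count_lo, mss_idx = isn >> 8, (isn >> 3) & 0x1F, isn & 0x7
    for candidate in (now_count, now_count - 1):   # accept current or previous tick
        if (candidate & 0x1F) == count_lo and hmac.compare_digest(
            mac24.to_bytes(3, "big"),
            _mac(saddr, daddr, sport, dport, candidate).to_bytes(3, "big"),
        ):
            return MSS_CLASSES[mss_idx]
    return None

def handshake_demo():
    """A real client completes; an ACK arriving after the window has moved on
    is rejected; a guessed ACK number is rejected. Addresses are constructed."""
    conn = ("203.0.113.5", "198.51.100.10", 40000, 8080)
    isn = make_cookie(*conn, mss=1460, count=100)
    ok = check_cookie(*conn, ack=isn + 1, now_count=100)
    stale = check_cookie(*conn, ack=isn + 1, now_count=103)
    forged = check_cookie(*conn, ack=0x12345678, now_count=100)
    return ok, stale, forged
```

Cookies can only carry what fits in the ISN, so TCP options that cannot be encoded are lost; with the value 1 set above, Linux falls back to cookies only once the SYN backlog overflows.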
Received on Thu May 11 2000 - 00:02:49 MDT
