Abstract
Current Linux kernels include a facility called TCP SYN cookies, designed to counter SYN flooding attacks. However, the current implementation of SYN cookies does not support the negotiation of TCP options, even though some of them, such as large windows or selective acknowledgment, matter for throughput: a server that answers with a cookie keeps no state for the half-open connection, so the options carried in the client's SYN are no longer available when the final ACK arrives. In this paper we present an improvement of the SYN cookie protocol that keeps all the current mechanisms for generating and validating cookies while allowing connections negotiated with SYN cookies to set up and use any TCP options. The key idea is to exploit a kind of TCP connection called “simultaneous connection initiation” in order to lead client hosts to send TCP options together with the SYN cookie to a server under attack.
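The following is an added, constructed example (not the chapter's own code, not the Linux implementation, and not the improved protocol the chapter proposes) that shows the baseline problem the abstract describes: a server under flood answers with a SYN cookie and remembers nothing, so when the client's ACK arrives only the MSS encoded in the cookie can be recovered, and the window scale and SACK options from the client's SYN are lost. The 32-bit cookie layout follows D. J. Bernstein's public description (top 5 bits: 64-second counter mod 32; next 3 bits: index of a server-chosen MSS; low 24 bits: keyed hash of the 4-tuple and the counter). The secret key, the MSS table, the HMAC-SHA256 truncation used as the keyed hash, and the packet dictionaries are assumptions made for the example.

```python
"""Toy SYN-cookie generator/validator showing why option negotiation is lost.

Constructed example; neither the Linux implementation nor the chapter's
improved protocol.  Layout per D. J. Bernstein's public description; the
secret, MSS table and keyed-hash choice are assumptions.
"""
import hashlib
import hmac

SECRET = b"constructed-demo-secret"      # assumption: server-side secret
MSS_TABLE = [536, 1300, 1440, 1460]      # assumption: 4 of the 8 encodable MSS values
COUNTER_PERIOD = 64                      # seconds per counter tick (Bernstein)
MAX_AGE_TICKS = 1                        # accept the current and the previous tick


def _counter(now):
    return now // COUNTER_PERIOD


def _hash24(saddr, sport, daddr, dport, t):
    """24-bit keyed hash of the connection 4-tuple and the counter value t."""
    msg = f"{saddr}:{sport}:{daddr}:{dport}:{t}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:3], "big")


def _mss_index(client_mss):
    """Index of the largest table entry not exceeding the client's MSS."""
    idx = 0
    for i, mss in enumerate(MSS_TABLE):
        if mss <= client_mss:
            idx = i
    return idx


def make_cookie(saddr, sport, daddr, dport, client_mss, now):
    """Initial sequence number the server puts in its SYN-ACK (no state kept)."""
    t = _counter(now)
    return ((t & 0x1F) << 27) | (_mss_index(client_mss) << 24) \
        | _hash24(saddr, sport, daddr, dport, t)


def check_cookie(cookie, saddr, sport, daddr, dport, now):
    """Return the MSS encoded in a valid, fresh cookie; None if forged or stale."""
    top5, mss_idx, h = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    for age in range(MAX_AGE_TICKS + 1):
        t = _counter(now) - age
        if (t & 0x1F) == top5 and _hash24(saddr, sport, daddr, dport, t) == h:
            return MSS_TABLE[mss_idx]
    return None


def server_on_syn(syn, now):
    """Server under SYN flood: answer with a cookie and store nothing."""
    cookie = make_cookie(syn["saddr"], syn["sport"], syn["daddr"], syn["dport"],
                         syn["options"]["mss"], now)
    return {"seq": cookie, "ack": syn["seq"] + 1,
            "options": {"mss": MSS_TABLE[_mss_index(syn["options"]["mss"])]}}


def server_on_ack(ack, now):
    """Rebuild the connection from the ACK alone; only the MSS survives."""
    cookie = (ack["ack"] - 1) & 0xFFFFFFFF
    mss = check_cookie(cookie, ack["saddr"], ack["sport"],
                       ack["daddr"], ack["dport"], now)
    if mss is None:
        return None          # forged, replayed or stale cookie: drop silently
    return {"mss": mss}      # window scale and SACK from the SYN are gone


def handshake_with_cookies(client_options, now=1000):
    """Run the three-way handshake; return what the server believes was negotiated."""
    syn = {"saddr": "10.0.0.1", "sport": 40000, "daddr": "10.0.0.2", "dport": 80,
           "seq": 12345, "options": client_options}      # constructed client SYN
    synack = server_on_syn(syn, now)
    ack = {"saddr": syn["saddr"], "sport": syn["sport"], "daddr": syn["daddr"],
           "dport": syn["dport"], "ack": (synack["seq"] + 1) & 0xFFFFFFFF}
    return server_on_ack(ack, now + 1)


if __name__ == "__main__":
    print(handshake_with_cookies({"mss": 1460, "wscale": 7, "sack_ok": True}))
```

Running the script prints `{'mss': 1460}`: the cookie authenticates the 4-tuple and carries an MSS index, but nothing else from the original SYN, which is exactly the gap the chapter sets out to close. The validator also illustrates the two checks a practitioner expects: a cookie whose 4-tuple was altered fails the hash, and a cookie older than the accepted counter window is rejected even though its hash is genuine.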
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35612-9_23
Copyright information
© 2002 IFIP International Federation for Information Processing
Cite this chapter
Zúquete, A. (2002). Improving the Functionality of SYN Cookies. In: Jerman-Blažič, B., Klobučar, T. (eds) Advanced Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 100. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35612-9_6
DOI: https://doi.org/10.1007/978-0-387-35612-9_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-4405-7
Online ISBN: 978-0-387-35612-9