Hi,
I am designing a DDoS defense system. I have a doubt regarding sequence
number prediction (in Linux 2.4).
Assume I send a TCP SYN packet from attacker A (impersonating H) to
server S.
The reply (SYN+ACK) does not reach A, but A predicts the sequence numbers
assigned by the server. Now A sends back an ACK packet to S with the
predicted sequence number (as though it had received the SYN+ACK from the
server). Now A can totally get the connection establishment done with
S. H, which receives the SYN+ACK, may reset
the connection by sending a RST to the server. So A floods the queue
buffers of S with SYN packets and sees to it that the SYN+ACK does not
reach H.
1) Now, by introducing SYN cookies, thereby preventing SYN flooding
at the server:
 * can I make sure that H resets the connection to S (if
H is up)?
2) Can I know for sure the sequence number allocation policy of
Linux 2.4?
Please help. Thanks in advance.
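A minimal model of the SYN-cookie idea raised in question 1, added here as an illustration (it is not the poster's code and not the Linux 2.4 kernel's algorithm; the secret, MSS table and counter width are constructed assumptions): the server's ISN becomes a keyed function of the 4-tuple, the client ISN and a coarse time counter, so no queue entry is held for a half-open connection, and the final ACK is only accepted when it carries that exact value back.

```python
import hashlib
import hmac
import struct

# Constructed, simplified SYN-cookie scheme (NOT the Linux 2.4 code).
# 32-bit cookie layout: [5 bits counter t][3 bits MSS index][24 bits MAC]
MSS_TABLE = [536, 1024, 1460, 4312]        # MSS values the 3-bit index can encode
SECRET = b"constructed-server-secret"      # assumed per-boot server secret

def _mac24(saddr, daddr, sport, dport, client_isn, t):
    """24-bit keyed MAC binding the cookie to the 4-tuple, client ISN and t."""
    msg = struct.pack("!4s4sHHII", saddr, daddr, sport, dport, client_isn, t)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(saddr, daddr, sport, dport, client_isn, mss, t):
    """Server ISN for the SYN+ACK; nothing is stored in the server's queue."""
    # largest encodable MSS not above the one the client offered
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac24(saddr, daddr, sport, dport, client_isn, t)
    return ((t % 32) << 27) | (idx << 24) | mac

def check_cookie(saddr, daddr, sport, dport, ack_seq, ack_ack, now):
    """Validate the handshake's final ACK.

    ack_seq: the ACK's sequence number (client_isn + 1)
    ack_ack: the ACK's acknowledgement number (server_isn + 1)
    Returns the encoded MSS on success, None if the cookie is stale or wrong.
    """
    cookie = (ack_ack - 1) & 0xFFFFFFFF
    client_isn = (ack_seq - 1) & 0xFFFFFFFF
    # only the current and the previous counter value are accepted
    age = (now - (cookie >> 27)) % 32
    if age > 1:
        return None
    t = now - age
    expected = _mac24(saddr, daddr, sport, dport, client_isn, t)
    got = cookie & 0xFFFFFF
    if not hmac.compare_digest(expected.to_bytes(3, "big"), got.to_bytes(3, "big")):
        return None
    return MSS_TABLE[(cookie >> 24) & 7]
```

A spoofed SYN costs the server nothing to remember, and an ACK carrying any value other than the cookie issued for that 4-tuple and client ISN is dropped, whether or not the real H ever sends its RST.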