DDoS DoS - SYN flood

State of IP spoofing (IP spoof)
https://spoofer.caida.org/summary.php


Very good, a bit dated (but still fairly current)

http://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-34/syn-flooding-attacks.html

Firewall with SYN-flood protection

https://documents.software.dell.com/sonicos/6.1/administration-guide/firewall-settings/configuring-flood-protection/firewall-settings-flood-protection/layer-3-syn-flood-protection?ParentProduct=635

Operating system defense

https://en.wikipedia.org/wiki/SYN_cookies

Note (from http://man7.org/linux/man-pages/man7/tcp.7.html):

tcp_syncookies (Boolean; since Linux 2.2) Enable TCP syncookies.

The kernel must be compiled with CONFIG_SYN_COOKIES. Send out syncookies when the syn backlog queue of a socket overflows. The syncookies feature attempts to protect a socket from a SYN flood attack. This should be used as a last resort, if at all. This is a violation of the TCP protocol, and conflicts with other areas of TCP such as TCP extensions. It can cause problems for clients and relays. It is not recommended as a tuning mechanism for heavily loaded servers to help with overloaded or misconfigured conditions. For recommended alternatives see tcp_max_syn_backlog, tcp_synack_retries, and tcp_abort_on_overflow.
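An added example, not part of the man page or the original post: a shell audit that prints the four sysctls named above and the kernel's TcpExt counters, then reports whether syncookies have actually been sent. The PROC_ROOT variable and the function names are assumptions of this example; the counter names are the ones Linux exposes in /proc/net/netstat.

```shell
#!/bin/sh
# Added example: audit the sysctls named in tcp(7) and the syncookie counters.
# PROC_ROOT is an assumption of this example; it lets the checks run against a
# constructed tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print one net.ipv4 sysctl value, or "unavailable" if it is not exposed.
tcp_sysctl() {
    f="$PROC_ROOT/sys/net/ipv4/$1"
    if [ -r "$f" ]; then cat "$f"; else echo "unavailable"; fi
}

# Print one TcpExt counter from net/netstat, which stores a header line of
# counter names followed by a line of values in the same column order.
tcpext_counter() {
    f="$PROC_ROOT/net/netstat"
    if [ ! -r "$f" ]; then echo "unavailable"; return 0; fi
    awk -v want="$1" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) name[i] = $i; seen = 1; next }
        $1 == "TcpExt:"          { for (i = 2; i <= NF; i++) if (name[i] == want) { print $i; found = 1 } }
        END { if (!found) print "unavailable" }
    ' "$f"
}

# Show settings and counters, then state whether the SYN backlog has overflowed.
syn_flood_report() {
    for k in tcp_syncookies tcp_max_syn_backlog tcp_synack_retries tcp_abort_on_overflow; do
        printf '%-22s %s\n' "$k" "$(tcp_sysctl "$k")"
    done
    for c in SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops; do
        printf '%-22s %s\n' "$c" "$(tcpext_counter "$c")"
    done
    sc=$(tcp_sysctl tcp_syncookies)
    sent=$(tcpext_counter SyncookiesSent)
    case "$sc:$sent" in
        unavailable:*|*:unavailable) echo "verdict: settings or counters unavailable" ;;
        # With syncookies off, SyncookiesSent stays 0; ListenDrops counts the
        # connection requests dropped at listening sockets instead.
        0:*) echo "verdict: syncookies disabled; watch ListenDrops" ;;
        *:0) echo "verdict: syncookies enabled, none sent so far" ;;
        *)   echo "verdict: backlog overflowed; $sent syncookies sent" ;;
    esac
}

syn_flood_report
```

A SyncookiesSent value that keeps rising between runs means listening sockets are still overflowing their SYN backlog.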
