Skip to main content
Book ChapterOPEN ACCESS

IMPROVING THE FUNCTIONALITY OF SYN COOKIES

Springer Science and Business Media Deutschland GmbH, (2002), 57-77
DOI: 10.1007/978-0-387-35612-9_6
26Citations
Citations of this article
18Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Current Linux kernels include a facility called TCP SYN cookies, con-ceived to face SYN flooding attacks. However, the current implementation of SYN cookies does not support the negotiation of TCP options, although some of them are relevant for throughput performance, such as large windows or selective acknowledgment. In this paper we present an improvement of the SYN cookie protocol, using all the current mechanisms for generating and validating cookies while allowing connections negotiated with SYN cookies to set up and use any TCP options. The key idea is to exploit a kind of TCP connection called "simultaneous connection initiation" in order to lead client hosts to send together TCP options and SYN cookies to a server being attacked.

Author supplied keywords

Cite

CITATION STYLE

APA

Zuquete, A. (2002). IMPROVING THE FUNCTIONALITY OF SYN COOKIES. In IFIP Advances in Information and Communication Technology (Vol. 100, pp. 57–77). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-0-387-35612-9_6

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free