SYN cookie

Amit Mohan amitm at aol.net
Wed Dec 7 19:08:57 UTC 2005


I have very recently migrated my production farm to Linux from Solaris and have enabled the SYN cookie protection, hearing that they might actually work someday and save me :) The traffic to my site is around 5K hits/sec and it is almost always a destination for hackers with different kinds of attacks. I am totally new to Linux and after reading some internet articles on SYN cookies I have some questions which I am putting below.

My sincere apologies to everyone if this is not the right listserv for the kind of question I am asking, so feel free to kick me out.

My questions are :

1)   Why does RedHat not have extensive documentation on this subject? I have tried my level best but couldn't find anything on the RH sites.

2)   After enabling the protection ideally I should not see any TIME_WAIT/CLOSE_WAIT connections in the netstat -na command. According to the limited documentation I could find, this protection does not work unless there is a SYN attack on the site. Is this statement true? How do I know if it's working or not for me without going through an attack?

3)   However, after enabling this feature I do see this :

netstat -s|grep SYN
137445 invalid SYN cookies received

What does it mean?

Thanks for your time,

Amit Mohan
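
Added example (not part of the original post, and not Red Hat's or the kernel's own code): netstat -s prints the kernel's TcpExt counters, and its "invalid SYN cookies received" line is the SyncookiesFailed counter. The script below reads that counter and its two siblings from /proc/net/netstat-style text; the function names and every sample number other than 137445 are made up for illustration.

```shell
#!/bin/sh
# Added example: pull the SYN cookie counters out of /proc/net/netstat-style text.

# Constructed sample in the kernel's layout (per group: one line of names,
# then one line of values). 137445 is the figure quoted in the post; the
# other numbers are invented.
SAMPLE_NETSTAT='TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts
TcpExt: 2210 1987 137445 12
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0'

# tcpext_counter NAME [FILE]: print one TcpExt counter; reads stdin if no FILE.
# Exits non-zero when the counter is absent, so "0" and "missing" stay distinct.
tcpext_counter() {
    awk -v want="$1" '
        $1 != "TcpExt:" { next }
        !hdr { for (i = 2; i <= NF; i++) col[$i] = i; hdr = 1; next }
        { if (want in col) { print $(col[want]); found = 1 }; exit }
        END { exit (found ? 0 : 1) }
    ' "${2:--}"
}

# syncookie_summary [FILE]: one line with the three cookie counters.
syncookie_summary() {
    data=$(cat "${1:--}") || return 1
    sent=$(printf '%s\n' "$data" | tcpext_counter SyncookiesSent) || return 1
    recv=$(printf '%s\n' "$data" | tcpext_counter SyncookiesRecv) || return 1
    failed=$(printf '%s\n' "$data" | tcpext_counter SyncookiesFailed) || return 1
    # SyncookiesSent only moves when the kernel has answered a SYN with a cookie.
    if [ "$sent" -gt 0 ]; then state=cookies-issued; else state=no-cookies-issued; fi
    echo "sent=$sent received=$recv invalid=$failed state=$state"
}

# Demo on the constructed sample. On a live host, run instead:
#   cat /proc/sys/net/ipv4/tcp_syncookies      # 0 means the feature is off
#   syncookie_summary /proc/net/netstat
printf '%s\n' "$SAMPLE_NETSTAT" | syncookie_summary
```

Sampling the summary twice a few minutes apart shows which counters are still moving, which a single netstat -s reading cannot.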




More information about the redhat-list mailing list