Internet illiterate
- Thread starter chet
- Start date
- Joined
- Feb 22, 1999
- Messages
- 828
Chet...
sorry for the boring answer, but welcome to the wonderful world of TCP/IP
A SYN flood is an exploit of the TCP/IP protocol (redundant, i know.) which you use when you are online.
A TCP connection makes a 3-way handshake. The connecting host sends a SYN packet to the receiving host. The receiving host sends a SYN/ACK packet back. The connecting host responds with an ACK to establish the connection.
In a SYN flood, the connecting host sends several SYN requests to the receiver, but when the receiver sends back the SYN/ACK packet, the connecting host doesn't respond with a final ACK.
Essentially, you open up a bunch of connections on a machine, filling up its buffer until it can no longer properly process requests.
I believe ISS has software that minimizes this problem. It's called 'RealSecure' or something like that.
There are lots of scripts out there for doing such a thing, so I'm not going to tell you how to do it. I believe Phrack magazine made it popular knowledge.
Obligitory knife banter: What knife would you use to skin a person who SYN floods your favorite web site and brings it down? Would you use a variety of knives for different tasks, or would you just lop off limbs with a Battle Mistress or a Kukhri?
Or are firearms more suitable for such as task
[This message has been edited by TomMarker (edited 16 June 1999).]
sorry for the boring answer, but welcome to the wonderful world of TCP/IP
A SYN flood is an exploit of the TCP/IP protocol (redundant, i know.) which you use when you are online.
A TCP connection makes a 3-way handshake. The connecting host sends a SYN packet to the receiving host. The receiving host sends a SYN/ACK packet back. The connecting host responds with an ACK to establish the connection.
In a SYN flood, the connecting host sends several SYN requests to the receiver, but when the receiver sends back the SYN/ACK packet, the connecting host doesn't respond with a final ACK.
Essentially, you open up a bunch of connections on a machine, filling up its buffer until it can no longer properly process requests.
I believe ISS has software that minimizes this problem. It's called 'RealSecure' or something like that.
There are lots of scripts out there for doing such a thing, so I'm not going to tell you how to do it. I believe Phrack magazine made it popular knowledge.
Obligitory knife banter: What knife would you use to skin a person who SYN floods your favorite web site and brings it down? Would you use a variety of knives for different tasks, or would you just lop off limbs with a Battle Mistress or a Kukhri?
Or are firearms more suitable for such as task
[This message has been edited by TomMarker (edited 16 June 1999).]
Tom, Thanks for the answere. I think that skinning might be better but Doc Welch is the one to ask. I would guess that multiple amputations would cause so much shock and blood loss that our subject would expire much to quickly. And Shooting is to kind.
Chet
Chet
- Joined
- Oct 3, 1998
- Messages
- 883
I say beat 'em to death with a beach ball. This is the slowest, most painful form of death imaginable, aside from simply being alive.
David Rock
PS: Think of it as humor.
[This message has been edited by David Rock (edited 16 June 1999).]
David Rock
PS: Think of it as humor.
[This message has been edited by David Rock (edited 16 June 1999).]
To expand on what Tom said:
TCP/IP is actually a suite of protocols (maybe two dozen, some active, some retired, some experimental, etc) that is named for its two most used protocols. The Transmission Control Protocol (TCP), establishes a connection between two machines before data is transferred, a virtual circuit if you will, much like when you pick up the phone and call one of your friends. Think of the first SYN packet as the phone ringing. When it is answered ("Hello?"), that's the SYN/ACK packet. When you respond, that's the ACK to establish the connection ("Good afternoon, may I speak with Mr. O'Reilly?") and everything gets underway. Think of the SYN flood as someone (or a bunch of someones) who keep calling (SYN) the receptionist and not saying anything after she says hello (SYN/ACK). She has to wait for a few beats to make sure she's not hanging up on someone real (ACK?), meanwhile the phone is ringing off the hook with what might be either prank or legitimate callers(SYN! SYN! SYN!). The receptionist is soon rendered impotent and chaos ensues.
As for doing it yourself: Companies pay a lot of money to people like me to hunt the Bad Guys down. If you don't have the background and really know what you're doing, the chances are you're going to get caught. If you get caught Bad Things could happen to you.
Fuzz.
TCP/IP is actually a suite of protocols (maybe two dozen, some active, some retired, some experimental, etc) that is named for its two most used protocols. The Transmission Control Protocol (TCP), establishes a connection between two machines before data is transferred, a virtual circuit if you will, much like when you pick up the phone and call one of your friends. Think of the first SYN packet as the phone ringing. When it is answered ("Hello?"), that's the SYN/ACK packet. When you respond, that's the ACK to establish the connection ("Good afternoon, may I speak with Mr. O'Reilly?") and everything gets underway. Think of the SYN flood as someone (or a bunch of someones) who keep calling (SYN) the receptionist and not saying anything after she says hello (SYN/ACK). She has to wait for a few beats to make sure she's not hanging up on someone real (ACK?), meanwhile the phone is ringing off the hook with what might be either prank or legitimate callers(SYN! SYN! SYN!). The receptionist is soon rendered impotent and chaos ensues.
As for doing it yourself: Companies pay a lot of money to people like me to hunt the Bad Guys down. If you don't have the background and really know what you're doing, the chances are you're going to get caught. If you get caught Bad Things could happen to you.
Fuzz.
- Joined
- Oct 2, 1998
- Messages
- 5,461
Man you guys are lightweights at torture. My idea involves a 1" PVC pipe, barbed wire, very little vaseline and a match
------------------
Best Regards,
Mike Turber
BladeForums Site Owner and Administrator
Do it! Do it right! Do it right NOW!
www.wowinc.com
------------------
Best Regards,
Mike Turber
BladeForums Site Owner and Administrator
Do it! Do it right! Do it right NOW!
www.wowinc.com
- Joined
- Jun 9, 1999
- Messages
- 4,729
Remind me not to tick you guys off. Also, has anyone seen the scene in The Mummy where the mummy is being mummified alive with the scarab beetles? That would be a start on the proper punishment to someone who crashed my favorite website.
------------------
Just because I talk to myself doesn't mean I'm crazy. What's wrong with getting a second opinion?
------------------
Just because I talk to myself doesn't mean I'm crazy. What's wrong with getting a second opinion?
- Joined
- Feb 22, 1999
- Messages
- 828
Diehard battery and nipple clamps...
nuff said..
In all seriousness though, people pulling denial of service attacks is only going to get worse before it gets better. There are so many people out there who really don't know what they're doing, but have a script that will do it all for them. They don't even have to know what TCP/IP stands for to bring it down
Makes me hate my job as an admin sometimes...
nuff said..
In all seriousness though, people pulling denial of service attacks is only going to get worse before it gets better. There are so many people out there who really don't know what they're doing, but have a script that will do it all for them. They don't even have to know what TCP/IP stands for to bring it down
Makes me hate my job as an admin sometimes...
I say the appropriate torture would be to place the syn-flooder in a room with adequate water and air supply, a cooking pot and burner and a Spydie Military, then brick up the doors and windows.
Think about it. (Hypothetically, of course...)
------------------
A mind all logic is like a knife all blade. It makes bleed the hand that uses it.
-Rabindranath Tagore
Think about it. (Hypothetically, of course...)
------------------
A mind all logic is like a knife all blade. It makes bleed the hand that uses it.
-Rabindranath Tagore
Gollnick
Musical Director
- Joined
- Mar 22, 1999
- Messages
- 29,258
The more I think about it, the more I have to agree with myself.
The Syn flooding attack is basically a lot of little slashes, any one of which would do virtually no harm, but which, together, cause a systematic collapse. A few thousand little slashes with a box cutter would be the same thing.
Chuck
The Syn flooding attack is basically a lot of little slashes, any one of which would do virtually no harm, but which, together, cause a systematic collapse. A few thousand little slashes with a box cutter would be the same thing.
Chuck
I don't see why a SYN flood would crash the web server though, it is more of a DoS attack than an attack that crashes things. Theoretically the listen queue should just get full and then the server starts refusing connections. Any ideas why it crashed?
Forgot to add, since you're running a linux box, if you want to stop SYN flooding, enable "TCP syncookie support" and recompile the kernel. It violates the TCP RFC but I haven't encountered any problems.
Adam
[This message has been edited by Uranium (edited 20 June 1999).]
Forgot to add, since you're running a linux box, if you want to stop SYN flooding, enable "TCP syncookie support" and recompile the kernel. It violates the TCP RFC but I haven't encountered any problems.
Adam
[This message has been edited by Uranium (edited 20 June 1999).]
- Joined
- Oct 2, 1998
- Messages
- 15,054
Uranium, please contact me offline about this, I have some questions to ask you.
Spark
------------------
Kevin Jon Schlossberg
SysOp and Administrator for BladeForums.com
Insert witty quip here
Spark
------------------
Kevin Jon Schlossberg
SysOp and Administrator for BladeForums.com
Insert witty quip here