Need help on SYNCookies support to allow legitimate connections when IPV6 TCP SYN Flood exists

rkumark
Posts: 1
Joined: 2022-04-08 10:54

#1 Post by rkumark »

This is Roop. I'm working as a software engineer.
We have a requirement that legitimate users should be able to access our device while there is a TCP SYN flood attack.

I'm trying to explore this. While surfing, I observed that SYN cookie support exists for IPv6 in Linux versions.
It would be helpful for me if anyone shares valuable inputs/suggestions on observations made in handling an IPv6 TCP SYN flood attack to protect legitimate users when SYN cookies are enabled.

Generally, SYN cookies should help to allow legitimate users' connections while there is any SYN flood attack.

We verified scenarios with both IPv4 and IPv6 TCP SYN flood traffic using the netwox simulation tool towards a target which has SYN cookies enabled.

1) Observed that legitimate users are able to access the target properly when there is an IPv4 TCP SYN flood attack from random sources.
2) But we are observing a target unreachability issue from legitimate users and high CPU utilization on the target when there is an IPv6 TCP SYN flood attack. Generally, ping6 shouldn't fail from legitimate users.

We are using Linux v4.19.81. While checking the docs, we observed that the syncookies code patch exists for this version as well.

Please let us know whether any drawback/limitation exists with SYN cookies for IPv6.

System info:
Operating System: Debian GNU/Linux 10 (buster)
Kernel: Linux 4.19.81-OpenNetworkLinux
Architecture: x86-64
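
One way to check, during a test like the one described in the post above, whether the kernel is actually issuing and accepting SYN cookies: compare two snapshots of the TcpExt counters in /proc/net/netstat, which count TCP events for both IPv4 and IPv6. This is an added example, not part of the original post; the snapshot values and the finding labels returned by `assess()` are constructed for illustration.

```python
# Constructed sample data: TcpExt header/value pairs as found in
# /proc/net/netstat, trimmed to the columns used here. Values are made up.
HEADER = ("TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed "
          "ListenOverflows ListenDrops TCPReqQFullDoCookies TCPReqQFullDrop")
BEFORE = HEADER + "\nTcpExt: 10 4 1 0 0 2 0\n"
AFTER = HEADER + "\nTcpExt: 90510 9 1 0 0 37 0\n"


def parse_tcpext(text):
    """Return {counter_name: value} from the TcpExt header and value lines."""
    rows = [line.split()[1:] for line in text.splitlines()
            if line.startswith("TcpExt:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected one TcpExt header line and one value line")
    return dict(zip(rows[0], (int(v) for v in rows[1])))


def delta(before, after):
    """Per-counter increase between two snapshots."""
    old, new = parse_tcpext(before), parse_tcpext(after)
    return {name: new[name] - old.get(name, 0) for name in new}


def assess(d):
    """Map counter increases to findings about the SYN cookie path."""
    findings = []
    if d.get("SyncookiesSent", 0) > 0:
        findings.append("cookies-issued")  # SYNs answered with a cookie
    if d.get("TCPReqQFullDrop", 0) > 0:
        findings.append("syn-dropped-no-cookie")  # queue full, cookie not used
    if d.get("SyncookiesRecv", 0) > 0:
        findings.append("cookie-handshakes-completed")  # valid cookie ACKs seen
    if d.get("ListenOverflows", 0) > 0:
        findings.append("accept-queue-overflow")  # accept queue was full
    if not findings:
        findings.append("no-syn-pressure-seen")
    return findings


if __name__ == "__main__":
    # On a live host, read /proc/net/netstat before and during the test instead.
    change = delta(BEFORE, AFTER)
    print(change)
    print(assess(change))
```

If cookies are being issued and completed while the host is still unreachable, the counters point away from the TCP listen path and towards load elsewhere on the target.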
