eWeek: Beware Linux vendors that don't 'get it'Dec 04, 2000, 19:36 (39 Talkback[s])
(Other stories by David Thompson)
"A few weeks ago, I was approached by the operators of an independent Web site about a denial-of-service problem. ... Syn attacks use TCP/IP against itself. The attacker tries to initiate a session from a forged, nonexistent IP address. The server tries to respond and holds open a connection request, waiting for a response that will never come. The attacker keeps repeating this, forcing the host to fill up its connection queues, eventually disabling the host. This attack is virtually untraceable and does not require much bandwidth to execute."
"The Web site operators don't have much money to work with, so they can't afford intrusion detection systems, firewalls or other devices that will stop this type of attack. Without many options, I started talking to the operating system vendor. This site is running on a version of Linux called Mandrake, marketed by a French company. A clever patch was developed for Linux by Alan Cox. It works quite well but must be compiled into the kernel to operate."
"My trip to the Mandrake Web site was, well, interesting. I was unable to determine if this patch is available for the Mandrake version of Linux. The site was filled with self-congratulatory rhetoric and an equal amount of anti-Microsoft propaganda, but very little in the way of technical support and not a single phone number. My attempts to contact anyone who could answer a question about this patch met with failure. Two weeks later, no one had responded to my inquiries."