SYN floods (was: does history repeat itself?)

On my private network I can send 600 or more SYN packets to my telnet port
(w/faked, unreachable source addresses + random seq numbers), yet the
port doesn't seem to be flooded.

It's a linux box.

The telnet daemon seems to be able to tell the difference between a faked
packet and a real one. Even when spoofing from localhost, it reports a
connection from unknown.

Obviously, there seems to be a solution to this problem. ??

Billy Biggs
Ottawa, Canada

Nope; it's just that when the kernel on your linux box responds to the SYN,
the machine you're doing it from says "RST" and the SYN leaves the
"incompleted-connections" listen queue for the socket you're attacking.

If you forge random IP source addresses, those packets won't go away and
whatever you're pounding on will be hosed until a) 75 seconds (or whatever
the timer is set to) expires, or b) you kill and restart the service in
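To make the queue behaviour described in the reply concrete, here is an added simulation (not code from the thread or from any kernel) of a listening socket's incomplete-connections queue. The backlog size of 8 and the 75-second timer are assumed values; the IP addresses and ports are constructed. It shows why SYNs whose source answers the SYN-ACK with an RST never fill the queue, while SYNs from unreachable sources occupy their slots until the timer expires.

```python
SYN_TIMEOUT = 75.0  # assumed: seconds a half-open entry lingers without an ACK or RST


class HalfOpenQueue:
    """Model of a listen socket's incomplete-connections queue (added illustration)."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.entries = {}  # (src_ip, src_port) -> time the SYN arrived
        self.dropped = 0   # SYNs refused because every slot was occupied

    def expire(self, now):
        """Drop entries whose timer has run out; returns how many were removed."""
        stale = [k for k, t in self.entries.items() if now - t >= SYN_TIMEOUT]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def syn(self, src_ip, src_port, now):
        """Handle an incoming SYN; returns False when the queue is full."""
        self.expire(now)
        key = (src_ip, src_port)
        if key in self.entries:
            return True  # retransmitted SYN re-uses the same slot
        if len(self.entries) >= self.backlog:
            self.dropped += 1
            return False
        self.entries[key] = now
        return True

    def rst(self, src_ip, src_port):
        """An RST from the peer clears its half-open entry immediately."""
        return self.entries.pop((src_ip, src_port), None) is not None


def simulate(backlog=8):
    q = HalfOpenQueue(backlog)
    # Case 1: the source address belongs to a live host, which answers the SYN-ACK with RST.
    for p in range(backlog):
        q.syn("10.0.0.5", 40000 + p, now=0.0)
        q.rst("10.0.0.5", 40000 + p)
    after_rst = len(q.entries)
    # Case 2: random, unreachable sources never answer, so entries sit until the timer expires.
    for p in range(backlog + 4):
        q.syn(f"192.0.2.{p}", 50000 + p, now=1.0)
    during_flood = len(q.entries)
    real_refused = not q.syn("10.0.0.9", 12345, now=2.0)  # a legitimate client is refused
    q.syn("10.0.0.9", 12345, now=2.0 + SYN_TIMEOUT)       # once the timer expires, it gets in
    return {"after_rst": after_rst, "during_flood": during_flood,
            "real_refused": real_refused, "dropped": q.dropped,
            "real_after_timeout": len(q.entries) == 1}
```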