Score:0

Automatic TCP SYN cookie activation

I am simulating a SYN flood attack on a Raspberry Pi 1 with Kali Linux (ARM) installed. A message similar to the one mentioned in this post was printed after performing the attack: How to avoid syn cookies.

kernel: possible SYN flooding on port X. Sending cookies.

The `net.ipv4.tcp_syncookies` variable was set to 1 automatically.

Now my problem is that it is not possible to disable it anymore. I rewrote the value to 0 with `sysctl -w net.ipv4.tcp_syncookies=0`, but when performing the attack again, the kernel message is not shown. Additionally, after rebooting the system, the variable is set back to 1.

My questions would be:

  • Is the use of `sysctl -w` directly changing whether SYN cookies are used for TCP connections (in real time)?
  • Why is the variable reset to 1 upon reboot?
  • Where can I configure/find the SYN cookie activation automatism?

I tried disabling the NetworkManager service, resulting in the same behavior after reboot.

Jaromanda X:
The `sysctl` command doesn't make permanent changes; you'll want to read `man sysctl` and `man sysctl.conf`.
Gerry:
By using `sysctl.conf` I could set the variable upon start, thank you. Will the variable force SYN cookies (not) to be used, or can the kernel still decide? I am not sure how to check whether the `[SYN,ACK]` packets actually include the cookies (with Wireshark). Are there concrete reference points for this? Also, regarding my 3rd question, is there any way of configuring the kernel without `sysctl` or `sysctl.conf`, and where can I find the automatism for activating SYN cookies?
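
The comments above distinguish the runtime value set with `sysctl -w` from the value applied from `sysctl.conf` at boot. As an added example (not part of the original thread), this script reports both for one key. The function names and sample files are constructed for illustration, and it assumes the caller passes the configuration files in the order the system reads them.

```sh
#!/bin/sh
# Added example. Sample files below are constructed for illustration.

# persistent_sysctl KEY FILE...
# Print the value that FILEs (read in the order given) leave KEY with;
# the last assignment wins. Prints nothing if no file sets KEY.
persistent_sysctl() {
    key=$1; shift
    for f in "$@"; do
        [ -r "$f" ] && cat "$f"
    done | awk -v want="$key" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comment or blank line
        {
            eq = index($0, "=")
            if (eq == 0) next                  # not an assignment
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            sub(/^-/, "", k)                   # leading "-" only means: ignore write errors
            gsub(/\//, ".", k)                 # net/ipv4/x names the same key as net.ipv4.x
            if (k == want) { last = v; found = 1 }
        }
        END { if (found) print last }'
}

# runtime_sysctl KEY: value the running kernel uses now, read from /proc/sys.
runtime_sysctl() {
    path=/proc/sys/$(printf '%s' "$1" | tr . /)
    [ -r "$path" ] && cat "$path"
}

# make_sample: write two constructed config files, print their directory.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'net.ipv4.tcp_syncookies = 1' \
        ';net.ipv4.tcp_syncookies = 2' > "$dir/sysctl.conf"
    printf '%s\n' '-net/ipv4/tcp_syncookies=0' \
        'net.ipv4.tcp_max_syn_backlog = 128' > "$dir/99-lab.conf"
    printf '%s\n' "$dir"
}

d=$(make_sample)
echo "persistent: $(persistent_sysctl net.ipv4.tcp_syncookies "$d/sysctl.conf" "$d/99-lab.conf")"
echo "runtime:    $(runtime_sysctl net.ipv4.tcp_syncookies || echo unavailable)"
rm -rf "$d"
```

If the two lines disagree, the runtime value was changed after boot and will revert to the persistent one on the next restart.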