SYN Cookies - Security Considerations

Security Considerations

Simple firewalls that are configured to allow all outgoing connections but to restrict which ports an incoming connection can reach (for example, allow incoming connections to a Web server on port 80 but restrict all other ports), work by blocking only incoming SYN requests to unwanted ports. If SYN cookies are in operation, care should be taken to ensure an attacker is not able to bypass such a firewall by forging ACKs instead, trying random sequence numbers until one is accepted. SYN cookies should be switched on and off on a per-port basis, so that SYN cookies being enabled on a public port does not cause them to be recognised on a non-public port.

Read more about this topic:  SYN Cookies

Other articles related to "security considerations, security":

HTML Application - Environment - Security Considerations
... When a regular HTML file is executed, the execution is confined to the security model of the web browser, that is, it is confined to communicating with the server, manipulating the page's object model (usually ...
Cmsg - Security Considerations - Hierarchy Keys
... Theoretically this system is also applicable to cancel messages ... However, it would not only require a key pair for every Usenet user but also that the respective public key is known to every news server ...

Famous quotes containing the word security:

    The horror of class stratification, racism, and prejudice is that some people begin to believe that the security of their families and communities depends on the oppression of others, that for some to have good lives there must be others whose lives are truncated and brutal.
    Dorothy Allison (b. 1949)