If you can’t reach your favorite Linux developer by IM or e-mail today, it’s because they’re under a denial of service (DoS) attack.
The top programmers are all at the Linux Plumbers conference, which is being hammered by an Internet attacker.
Yes, even the best developers in the world can be put out of commission when their internet connection is strangled.
According to James Bottomley, an IBM Research distinguished engineer and a member of the Linux Plumbers Conference committee, “Since yesterday we are being attacked from the outside. The attack follows us as we switch external IP and the team has identified at least one inside node which looks suspicious.”
The conference is not being attacked by some sophisticated Internet of Things distributed denial of service (DDoS) attack like the Dyn attack. No, it’s being mugged by one of the oldest attacks in the DoS book: a SYN flood.
In a SYN flood, the attacker abuses the TCP three-way handshake. It sends a stream of SYN packets, usually from spoofed source addresses, and never answers the SYN-ACKs that come back. Each unanswered SYN leaves a half-open connection sitting in the target's SYN queue (or an entry in a stateful firewall's or router's connection table) until it times out. Send enough of them fast enough and the queue fills, so SYNs from legitimate clients are dropped and nobody can open a new connection.
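To make the mechanism concrete, here is an added example (not code from the original post) that models a listening socket with a bounded SYN queue, floods it with spoofed SYNs that never complete the handshake, and then shows why SYN cookies survive the same flood: the server stores nothing per SYN and instead puts a keyed hash of the 4-tuple and a coarse time counter into its initial sequence number, then validates the client's final ACK by recomputing it. The listener, the addresses, the 5/3/24-bit cookie layout and the MSS table are all constructed for this illustration, not the kernel's code; the point carried over from the real implementation is that cookies trade a few TCP options (the MSS is rounded down to an encodable value) for statelessness.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# MSS values a cookie can encode in its 3-bit index (constructed table; the
# real kernel uses a similar small table). Anything that does not fit is lost.
MSS_TABLE = (536, 1300, 1440, 1460)


@dataclass(frozen=True)
class Syn:
    """The fields of a client SYN that matter for this handshake model."""
    src: str
    sport: int
    dst: str
    dport: int
    mss: int = 1460

    @property
    def tuple4(self):
        return (self.src, self.sport, self.dst, self.dport)


class Listener:
    """Listening socket with a bounded SYN queue of half-open connections."""

    def __init__(self, backlog: int, syncookies: bool):
        self.backlog = backlog
        self.syncookies = syncookies
        self.syn_queue = {}        # 4-tuple -> our ISN; only used without cookies
        self.established = set()
        self.key = os.urandom(16)  # secret for the cookie MAC
        self.clock = 0             # coarse time counter (minutes in the kernel)

    def _cookie(self, s: Syn, t: int, mss_idx: int) -> int:
        """32-bit cookie: 5 bits of time | 3-bit MSS index | 24-bit keyed hash."""
        data = ":".join(map(str, s.tuple4 + (t,))).encode()
        h = int.from_bytes(hmac.new(self.key, data, hashlib.sha256).digest()[:3], "big")
        return ((t & 0x1F) << 27) | (mss_idx << 24) | h

    def on_syn(self, s: Syn):
        """Handle a SYN; return the ISN placed in the SYN-ACK, or None if dropped."""
        if self.syncookies:
            # Stateless: nothing is stored, the ISN itself carries the state.
            mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= s.mss), default=0)
            return self._cookie(s, self.clock, mss_idx)
        if len(self.syn_queue) >= self.backlog:
            return None               # queue full: exactly what the flood wants
        isn = int.from_bytes(os.urandom(4), "big")
        self.syn_queue[s.tuple4] = isn
        return isn

    def on_ack(self, s: Syn, ack: int):
        """Handle the client's final ACK; return the MSS in use, or None if rejected."""
        if self.syncookies:
            cookie = (ack - 1) & 0xFFFFFFFF
            t_bits, mss_idx = cookie >> 27, (cookie >> 24) & 7
            # Accept cookies minted in the current or the previous time window.
            for t in (self.clock, self.clock - 1):
                if (t & 0x1F) == t_bits and self._cookie(s, t, mss_idx) == cookie:
                    self.established.add(s.tuple4)
                    return MSS_TABLE[mss_idx]   # MSS recovered from the cookie
            return None
        isn = self.syn_queue.pop(s.tuple4, None)
        if isn is None or ack != (isn + 1) & 0xFFFFFFFF:
            return None
        self.established.add(s.tuple4)
        return s.mss


def syn_flood(listener: Listener, count: int) -> None:
    """Constructed flood: SYNs from spoofed sources whose SYN-ACKs are never answered.
    No timeouts are modelled; a real flood just has to outpace the SYN-RECEIVED timer."""
    for i in range(count):
        listener.on_syn(Syn(f"203.0.113.{i % 254 + 1}", 1024 + i, "192.0.2.10", 80))


def legit_handshake(listener: Listener, mss: int = 1460):
    """A real client completing all three steps; returns the MSS in use, or None."""
    s = Syn("192.0.2.55", 40000 + mss, "192.0.2.10", 80, mss)
    isn = listener.on_syn(s)
    if isn is None:
        return None
    return listener.on_ack(s, (isn + 1) & 0xFFFFFFFF)


def demo() -> dict:
    plain = Listener(backlog=256, syncookies=False)
    cookies = Listener(backlog=256, syncookies=True)
    syn_flood(plain, 1000)
    syn_flood(cookies, 1000)
    return {
        "plain_after_flood": legit_handshake(plain),         # None: SYN queue full
        "cookies_after_flood": legit_handshake(cookies),     # 1460: still works
        "cookies_queue_size": len(cookies.syn_queue),        # 0: no state kept
        "cookies_mss_1400": legit_handshake(cookies, 1400),  # 1300: MSS rounded down
        "forged_ack": cookies.on_ack(Syn("192.0.2.66", 40001, "192.0.2.10", 80), 0x12345678),  # None
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

On a real Linux host the equivalent switch is net.ipv4.tcp_syncookies; the kernel only starts minting cookies once the SYN queue is full, so normal connections keep their full set of options and the rounding shown above only affects clients arriving during a flood.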
The truly annoying thing about this type of attack, which has been around for more than 20 years, is that it’s easy to mitigate. There are at least eight, count them eight, ways to blunt a SYN flood (RFC 4987 catalogs them, from SYN cookies and SYN caches to filtering and proxying).
What’s far more troubling is that the Santa Fe ISP didn’t have any of the SYN flood defenses up. We know that massive Internet-killing DDoS attacks are on their way; and here we find a national ISP in a state capital can’t deal with an old-fashioned Internet assault.
I’ve predicted we’ll see serious Internet breakdown this year. Looking at this local Internet slowdown I’m surprised it hasn’t already. Yes, a lot of blame for Internet attacks goes to IoT manufacturers and insufficiently hardened web servers, but ISPs are guilty of poor security as well.
On most Linux machines, a first line of defense is a few iptables rules in the INPUT chain that drop malformed TCP packets and connection attempts that don’t begin with a SYN. Be clear about what they do and don’t do, though: a SYN flood is made of perfectly well-formed SYNs, so these rules alone won’t stop one. For that you also want SYN cookies turned on (net.ipv4.tcp_syncookies=1, the default in modern distributions), a larger SYN backlog, and per-source rate limiting or the SYNPROXY target in front of the service.
Here are the basic rules:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP                 # drop NULL packets (no flags set)
iptables -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP   # drop new connections that don't start with a SYN
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP                  # drop Xmas packets (all flags set)
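The rate-limiting half of that advice deserves a worked illustration of its limits, so here is an added example (not from the original post) that models what iptables’ hashlimit match does with -m hashlimit --hashlimit-mode srcip: a token bucket per source address. It shows that a single noisy source is throttled after its burst while a well-behaved client is untouched, and then that a flood which spoofs a fresh source address per packet passes every check and grows the tracking table, which is exactly why per-source limits need SYN cookies or SYNPROXY behind them. The rate, burst and addresses are constructed for the example.

```python
class SynRateLimiter:
    """Token bucket per source address, the idea behind
    '-m hashlimit --hashlimit-mode srcip --hashlimit-above <rate>/sec --hashlimit-burst <n>'.
    Constructed model for illustration, not the netfilter code."""

    def __init__(self, rate_per_sec: float, burst: int):
        self.rate = rate_per_sec
        self.burst = burst
        self.buckets = {}   # src -> (tokens, last_seen); one entry per source ever seen

    def allow(self, src: str, now: float) -> bool:
        """Return True if a SYN from src at time `now` (seconds) may pass."""
        tokens, last = self.buckets.get(src, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)  # refill
        accepted = tokens >= 1.0
        if accepted:
            tokens -= 1.0
        self.buckets[src] = (tokens, now)
        return accepted

    def table_size(self) -> int:
        """Number of tracked sources; hashlimit caps this with --hashlimit-htable-max."""
        return len(self.buckets)


def run_scenarios() -> dict:
    lim = SynRateLimiter(rate_per_sec=10, burst=20)

    # (1) One abusive source blasts 1000 SYNs in the same second: the burst
    #     gets through, everything after it is dropped.
    abusive = sum(lim.allow("203.0.113.7", 0.0) for _ in range(1000))

    #     A normal client sending one SYN per second is never throttled.
    legit = sum(lim.allow("192.0.2.55", float(t)) for t in range(5))

    #     The abusive source earns tokens back once it backs off.
    abusive_later = lim.allow("203.0.113.7", 2.0)

    # (2) 1000 SYNs, each from a different spoofed source, inside one second:
    #     every one is a "new" client with a full bucket, so all pass.
    spoofed = sum(lim.allow(f"10.0.{i // 256}.{i % 256}", 1.0) for i in range(1000))

    return {
        "abusive_accepted": abusive,          # 20: only the burst
        "legit_accepted": legit,              # 5: all of them
        "abusive_after_pause": abusive_later, # True: bucket refilled
        "spoofed_accepted": spoofed,          # 1000: limit bypassed
        "table_size": lim.table_size(),       # 1002: state grows with the flood
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The takeaway for the firewall script is that a per-source SYN limit is a fine guard against one misbehaving host, but against a spoofed flood it only adds its own state table to the list of things the attacker can fill; the stateless defenses (SYN cookies, SYNPROXY) are the ones that hold.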