From: "Dagamier *" <zayasj@hotmail.com> On Fri, 12 Dec 1997, Lasher <wolf@wolf.mudservices.com> wrote: >From my experience of syn floods they dont 'lag' a mud. The main >symptom is that the mud is running just fine, people are playing >away quite happily, yet, no-one else can establish a new connection. >Have never heard of syn floods causing a mud to lag bigtime, if I >am wrong then please correct me.. :) Sorry it's taken so long to respond. Anyways, what you said Lasher is mostly true. In most cases it "shouldn't" lag a mud but it can due to the way that TCP connections are made. The following is a brief report I gave to my boss while I was working on setting up some security issues where I work. Please this is for informational purposes and I assume no responsibility for those who want to use this in a destructive nature. 'Nuff said. SYN Flood: A standard TCP connection is established by sending a SYN packet to the destination host. The destination host then sends a SYN/ACK packet to the sending host. Now the sender sends a SYN/ACK back to the destination and a connection is established. Now, here is where the part about lagging comes in. Every system has a set amount of memory set aside to deal with all incoming connections. Depending on how big this chunck of memory is and if your machine is really a unix machine and not an x86 flavor of unix, an attacker can potentially cause your system to crawl by continuously send you SYN packets. This will cause all the memory set aside for establishing connections to be exhausted thereby, as Lasher said, disallowing any more connections to be made. The other side effect is that if enough of these packets are sent it can cause your system to slow down especially if your CPU is doubling as part of your network management and also dependent on the amount of memory that your system has set aside to establish these connections. Hope this information is useful and if you have any more Unix related questions feel free to ask. It's what I do for a living anyway and I enjoy mudding too much to see it pissed away by people attacking sites. Happy Mudding Dagamier of "A Merging of Fates"