All of lore.kernel.org
 help / color / mirror / Atom feed
* SYN Cookies
@ 2002-12-19 11:08 augusto.favari
  2002-12-24  8:49 ` Federico Lombardo
  0 siblings, 1 reply; 5+ messages in thread
From: augusto.favari @ 2002-12-19 11:08 UTC (permalink / raw)
  To: netfilter

Hi! I was looking for SYN Cookies help about SYN
flooding.

What is the difference about just allowing the SYN
cookies system by default in the kernel and using the IP
tables rate-limit function ?

Iptables can use SYN cookies, can't it?

Thanks,

Augusto



__________________________________________________________________________
Venha para a VilaBOL!
O melhor lugar para você construir seu site. Fácil e grátis!
http://vila.bol.com.br




^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: SYN Cookies
  2002-12-19 11:08 SYN Cookies augusto.favari
@ 2002-12-24  8:49 ` Federico Lombardo
  2002-12-24 15:28   ` ifup: Delaying eth0 initialization Sundaram Ramasamy
  0 siblings, 1 reply; 5+ messages in thread
From: Federico Lombardo @ 2002-12-24  8:49 UTC (permalink / raw)
  To: netfilter

http://cr.yp.to/syncookies.html

Syn Cookies are a Kernel Capabilities, not a Netfilter one.

The rate limit just "rate" incoming TCP packet with SYN flag set.


----- Original Message -----
From: "augusto.favari" <augusto.favari@bol.com.br>
To: <netfilter@lists.netfilter.org>
Sent: Thursday, December 19, 2002 12:08 PM
Subject: SYN Cookies


Hi! I was looking for SYN Cookies help about SYN
flooding.

What is the difference about just allowing the SYN
cookies system by default in the kernel and using the IP
tables rate-limit function ?

Iptables can use SYN cookies, can't it?

Thanks,

Augusto



__________________________________________________________________________
Venha para a VilaBOL!
O melhor lugar para você construir seu site. Fácil e grátis!
http://vila.bol.com.br


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: ifup: Delaying eth0 initialization.
  2002-12-24 15:28   ` ifup: Delaying eth0 initialization Sundaram Ramasamy
@ 2002-12-24 14:57     ` Marcello Scacchetti
  2002-12-24 19:14     ` Sascha Reissner
  1 sibling, 0 replies; 5+ messages in thread
From: Marcello Scacchetti @ 2002-12-24 14:57 UTC (permalink / raw)
  To: Sundaram Ramasamy; +Cc: Netfilter mailinglist

Hi,
have you got a pcmcia network adapter?
If yes, your problem could be due to service startup timing...
Check your logs here:

> Dec 23 17:50:48 ptce ifup: Delaying eth0 initialization.
> Dec 23 17:50:48 ptce network: Bringing up interface eth0:  failed
> Dec 23 17:50:51 ptce pcmcia:  cardmgr.
> Dec 23 17:50:52 ptce rc: Starting pcmcia:  succeeded

Your pcmcia system is started after networking. You could lower the startup number of 
pcmcia service and try again.
(check /etc/init.d/rc5.d or /etc/rc5.d or runlevel 3)
Anyway i think this is not netfilter related......

Marcello


Il mar, 2002-12-24 alle 16:28, Sundaram Ramasamy ha scritto:
> Hi,
> 
> We have redhat 7.1 installed on the laptop, while booting the machine its
> giving  "network: Bringing up interface eth0:  failed" error message but
> network is working ( I was able to use telnet, ssh service from other
> computer). We are using Linksys network card.
> 
> How will I disable this error message.
> 
> boot.log file output:
> 
> Dec 23 17:50:48 ptce sysctl: net.ipv4.ip_forward = 0
> Dec 23 17:50:48 ptce sysctl: net.ipv4.conf.all.rp_filter = 1
> Dec 23 17:50:48 ptce sysctl: kernel.sysrq = 0
> Dec 23 17:50:48 ptce network: Setting network parameters:  succeeded
> Dec 23 17:50:48 ptce network: Bringing up interface lo:  succeeded
> Dec 23 17:50:48 ptce ifup: Delaying eth0 initialization.
> Dec 23 17:50:48 ptce network: Bringing up interface eth0:  failed
> Dec 23 17:50:51 ptce pcmcia:  cardmgr.
> Dec 23 17:50:52 ptce rc: Starting pcmcia:  succeeded
> 
> 
> [root@ptce log]# ifconfig -a
> eth0      Link encap:Ethernet  HWaddr 00:04:5A:A0:B8:F5
>           inet addr:192.168.1.253  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:38421 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:533 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0
> 
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:1711 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1711 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0
> 
> 
> [root@ptce log]# lspci
> 00:00.0 Host bridge: Intel Corporation 440BX/ZX - 82443BX/ZX Host bridge
> (rev 03
> )
> 00:01.0 PCI bridge: Intel Corporation 440BX/ZX - 82443BX/ZX AGP bridge (rev
> 03)
> 00:03.0 CardBus bridge: Texas Instruments PCI1225 (rev 01)
> 00:03.1 CardBus bridge: Texas Instruments PCI1225 (rev 01)
> 00:07.0 Bridge: Intel Corporation 82371AB PIIX4 ISA (rev 02)
> 00:07.1 IDE interface: Intel Corporation 82371AB PIIX4 IDE (rev 01)
> 00:07.2 USB Controller: Intel Corporation 82371AB PIIX4 USB (rev 01)
> 00:07.3 Bridge: Intel Corporation 82371AB PIIX4 ACPI (rev 03)
> 00:08.0 Multimedia audio controller: ESS Technology ES1983S Maestro-3i PCI
> Audio
>  Accelerator (rev 10)
> 00:08.1 Communication controller: ESS Technology ES1983S Maestro-3i PCI
> Modem Ac
> celerator (rev 10)
> 01:00.0 VGA compatible controller: ATI Technologies Inc Rage Mobility P/M
> AGP 2x
>  (rev 64)
> 
> 
> alias parport_lowlevel parport_pc
> alias sound-slot-0 maestro3
> post-install sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -L >/dev/null
> 2>&1
>  || :
> pre-remove sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -S >/dev/null
> 2>&1 |
> | :
> alias usb-controller usb-uhci
> options i810 xfreeversion=41
> options i810 xfreeversion=41
> 
> 
> 
> [root@ptce log]# lsmod
> Module                  Size  Used by    Not tainted
> parport_pc             17476   1  (autoclean)
> lp                      8576   0  (autoclean)
> parport                33536   1  (autoclean) [parport_pc lp]
> autofs                 11172   1  (autoclean)
> appletalk              23628   0  (autoclean)
> ipx                    19604   0  (autoclean)
> pcnet_cs               13316   1
> 8390                    8004   0  [pcnet_cs]
> ds                      8416   2  [pcnet_cs]
> yenta_socket           12000   2
> pcmcia_core            49888   0  [pcnet_cs ds yenta_socket]
> ipchains               40040   0
> usb-uhci               24324   0  (unused)
> usbcore                71072   1  [usb-uhci]
> 
-- 
Marcello Scacchetti <marcello.scacchetti@nextrem.it>


^ permalink raw reply	[flat|nested] 5+ messages in thread
* ifup: Delaying eth0 initialization.
  2002-12-24  8:49 ` Federico Lombardo
@ 2002-12-24 15:28   ` Sundaram Ramasamy
  2002-12-24 14:57     ` Marcello Scacchetti
  2002-12-24 19:14     ` Sascha Reissner
  0 siblings, 2 replies; 5+ messages in thread
From: Sundaram Ramasamy @ 2002-12-24 15:28 UTC (permalink / raw)
  To: Netfilter mailinglist

Hi,

We have redhat 7.1 installed on the laptop, while booting the machine its
giving  "network: Bringing up interface eth0:  failed" error message but
network is working ( I was able to use telnet, ssh service from other
computer). We are using Linksys network card.

How will I disable this error message.

boot.log file output:

Dec 23 17:50:48 ptce sysctl: net.ipv4.ip_forward = 0
Dec 23 17:50:48 ptce sysctl: net.ipv4.conf.all.rp_filter = 1
Dec 23 17:50:48 ptce sysctl: kernel.sysrq = 0
Dec 23 17:50:48 ptce network: Setting network parameters:  succeeded
Dec 23 17:50:48 ptce network: Bringing up interface lo:  succeeded
Dec 23 17:50:48 ptce ifup: Delaying eth0 initialization.
Dec 23 17:50:48 ptce network: Bringing up interface eth0:  failed
Dec 23 17:50:51 ptce pcmcia:  cardmgr.
Dec 23 17:50:52 ptce rc: Starting pcmcia:  succeeded


[root@ptce log]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:04:5A:A0:B8:F5
          inet addr:192.168.1.253  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:38421 errors:0 dropped:0 overruns:0 frame:0
          TX packets:533 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1711 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1711 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0


[root@ptce log]# lspci
00:00.0 Host bridge: Intel Corporation 440BX/ZX - 82443BX/ZX Host bridge
(rev 03
)
00:01.0 PCI bridge: Intel Corporation 440BX/ZX - 82443BX/ZX AGP bridge (rev
03)
00:03.0 CardBus bridge: Texas Instruments PCI1225 (rev 01)
00:03.1 CardBus bridge: Texas Instruments PCI1225 (rev 01)
00:07.0 Bridge: Intel Corporation 82371AB PIIX4 ISA (rev 02)
00:07.1 IDE interface: Intel Corporation 82371AB PIIX4 IDE (rev 01)
00:07.2 USB Controller: Intel Corporation 82371AB PIIX4 USB (rev 01)
00:07.3 Bridge: Intel Corporation 82371AB PIIX4 ACPI (rev 03)
00:08.0 Multimedia audio controller: ESS Technology ES1983S Maestro-3i PCI
Audio
 Accelerator (rev 10)
00:08.1 Communication controller: ESS Technology ES1983S Maestro-3i PCI
Modem Ac
celerator (rev 10)
01:00.0 VGA compatible controller: ATI Technologies Inc Rage Mobility P/M
AGP 2x
 (rev 64)


alias parport_lowlevel parport_pc
alias sound-slot-0 maestro3
post-install sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -L >/dev/null
2>&1
 || :
pre-remove sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -S >/dev/null
2>&1 |
| :
alias usb-controller usb-uhci
options i810 xfreeversion=41
options i810 xfreeversion=41



[root@ptce log]# lsmod
Module                  Size  Used by    Not tainted
parport_pc             17476   1  (autoclean)
lp                      8576   0  (autoclean)
parport                33536   1  (autoclean) [parport_pc lp]
autofs                 11172   1  (autoclean)
appletalk              23628   0  (autoclean)
ipx                    19604   0  (autoclean)
pcnet_cs               13316   1
8390                    8004   0  [pcnet_cs]
ds                      8416   2  [pcnet_cs]
yenta_socket           12000   2
pcmcia_core            49888   0  [pcnet_cs ds yenta_socket]
ipchains               40040   0
usb-uhci               24324   0  (unused)
usbcore                71072   1  [usb-uhci]




^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re:  ifup: Delaying eth0 initialization.
  2002-12-24 15:28   ` ifup: Delaying eth0 initialization Sundaram Ramasamy
  2002-12-24 14:57     ` Marcello Scacchetti
@ 2002-12-24 19:14     ` Sascha Reissner
  1 sibling, 0 replies; 5+ messages in thread
From: Sascha Reissner @ 2002-12-24 19:14 UTC (permalink / raw)
  To: Sundaram Ramasamy, Netfilter mailinglist

> We have redhat 7.1 installed on the laptop, while booting the machine its
> giving  "network: Bringing up interface eth0:  failed" error message but
> network is working ( I was able to use telnet, ssh service from other
> computer). We are using Linksys network card.
>
> How will I disable this error message.

[...]

sorry, but i don't see how this could be in any way in-topic to this mailing
list (you are not even using iptables. i see ipchains modules loaded in your
screendumps).

maybe it would help if you'd consult the support of your distributor
(redhat).




^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2002-12-24 19:14 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-12-19 11:08 SYN Cookies augusto.favari
2002-12-24  8:49 ` Federico Lombardo
2002-12-24 15:28   ` ifup: Delaying eth0 initialization Sundaram Ramasamy
2002-12-24 14:57     ` Marcello Scacchetti
2002-12-24 19:14     ` Sascha Reissner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.