What Are SYN Cookies?
In the current network environment built on the network protocol supported by IPv4, SYN Flood is a very dangerous and common DoS attack method. So far, there are not many ways to effectively prevent SYN Flood attacks, and SYN Cookie is the most famous one. The SYN Cookie principle was invented by DJ Bernstain and Eric Schenk. There are various implementations on many operating systems. This includes Linux. This article introduces the principles of SYN Flood attacks and SYN Cookies, and more importantly introduces the way to implement SYN Cookies in the Linux kernel. Finally, this article gives an idea to enhance the functionality of SYN Cookie in Linux.