Security Considerations
Simple firewalls that are configured to allow all outgoing connections but to restrict which ports an incoming connection can reach (for example, allow incoming connections to a Web server on port 80 but restrict all other ports), work by blocking only incoming SYN requests to unwanted ports. If SYN cookies are in operation, care should be taken to ensure an attacker is not able to bypass such a firewall by forging ACKs instead, trying random sequence numbers until one is accepted. SYN cookies should be switched on and off on a per-port basis, so that SYN cookies being enabled on a public port does not cause them to be recognised on a non-public port.
Read more about this topic: SYN Cookies
Famous quotes containing the word security:
“There is something that Governments care for far more than human life, and that is the security of property, and so it is through property that we shall strike the enemy.... Be militant each in your own way.... I incite this meeting to rebellion.”
—Emmeline Pankhurst (1858–1928)