Nice video. Well explained, and I like that you gave info on the hashing that it's doing to check the connection. It seems to me that this is basically helping out the limitation of the TCP stack, knowing that it only has 64k ish of available ports. By doing the hashing, well, SYN cookie, you will then be needing to store that somewhere ready for the return connection if it comes. But wherever you are placing that hash, an array etc, won't have the same 64k limitation that the TCP stack has. I would also guess that the array the SYN cookies live inside will have a timeout, basically whatever threshold you have on the t variable. After that, it bins it off anyway.
To make sure I understand... when using a DoS mitigation appliance, or firewall with SYN cookies enabled, is the initial SYN NOT sent to the server? In other words, the appliance sends the SYN ACK, and awaits an acknowledgement before setting up the session with the server. So the server never knows about the request until the firewall completes the 3-way handshake?
I don't understand how your magic pen works, but... Great video!
Bro, it's like recording a video with a mirror in between, but you horizontally mirror the video in post-production.
@krishnagupta6323 Don't ruin the magic lol.
At 3:05, it should be Acknowledgement Number - 1 (instead of Sequence Number) of the ACK packet. Great video, indeed. Thanks.
Thanks for the great explanation! Really needed it
yes very good
Thank you very much, this was very helpful. I hope you make a video about SYN Cache too.
Thanks for the clear explanation
Nice explanation
Very clear explanation. Thanks
Woah! He is writing in reverse.
Very clear
Thank you!
thanks!