>It seems that the IMAIL 6.06 Web Messaging Server is susceptible to a SYN
>attack.
>I would be interested in hearing if IMAIL 7.0x is susceptible...
It's your server that is susceptible, not IMail. IMail has no control over
this.
The TCP/IP stack is responsible for allowing a certain number of "half
open" connections (the SYN is sent by a computer that wants to connect by
TCP/IP, your computer responds with a SYN+ACK saying "OK, you can connect;
please acknowledge", and the remote computer responds back with an ACK
saying "OK, the connection is complete."). If a remote computer sends
multiple SYNs without acknowledging them, they will stay "half open" on
your server. I believe that Windows by default only allows 5 such
connections (which get freed up after a few minutes). Once the hacker
sends 5 of 'em, nobody else can connect until one of them is freed up
(either until several minutes pass by, or the hacker stops). Other OSes
allow more, but it only takes a second or so to send 256 SYNs at 60 bytes
apiece.
Note that if you have a half-decent firewall, it should protect you from
these attacks.
A historical note: Panix, the largest ISP in New York at the time, was
shut down (about 6 years ago) for about a week by hackers doing this.
>For those that don't know what a SYN attack is, a remote node
>initiates a TCP/IP conversation by sending a SYN packet....
Whoops, sorry, I didn't mean to repeat you. That's what I get for not
reading ahead. But the key point is that IMail has no way to control this;
it's (almost) 100% an OS issue.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
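
As an added example (not part of the original message), the half-open state described above can be checked from `netstat -an` output by counting connections that have received a SYN but no final ACK, per listening port. The sample output is constructed, and the limit of 5 is the figure quoted in the message, passed in as an assumption rather than a verified OS default.

```python
from collections import Counter

# State names netstat uses for a half-open connection (Windows / Linux).
HALF_OPEN_STATES = {"SYN_RECEIVED", "SYN_RECV"}

# Constructed sample of `netstat -an` output, documentation-range addresses only.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.0.2.10:25          198.51.100.7:4312      ESTABLISHED
  TCP    192.0.2.10:25          198.51.100.9:2200      SYN_RECEIVED
  TCP    192.0.2.10:80          203.0.113.5:1025       SYN_RECEIVED
  TCP    192.0.2.10:80          203.0.113.6:1026       SYN_RECEIVED
  TCP    192.0.2.10:80          203.0.113.7:1027       SYN_RECEIVED
  TCP    192.0.2.10:80          203.0.113.8:1028       SYN_RECEIVED
  TCP    192.0.2.10:80          203.0.113.9:1029       SYN_RECEIVED
"""


def half_open_by_port(netstat_text):
    """Count half-open TCP connections per local port."""
    per_port = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, blank lines and non-TCP rows.
        if len(fields) < 4 or fields[0].upper() not in ("TCP", "TCP6"):
            continue
        # Local address, foreign address and state are the last three columns
        # in both the Windows and the Linux layout.
        local, state = fields[-3], fields[-1]
        if state in HALF_OPEN_STATES:
            per_port[int(local.rsplit(":", 1)[1])] += 1
    return per_port


def saturated_ports(netstat_text, backlog_limit):
    """Ports whose half-open count has reached the assumed backlog limit."""
    counts = half_open_by_port(netstat_text)
    return sorted(port for port, n in counts.items() if n >= backlog_limit)


if __name__ == "__main__":
    for port, n in sorted(half_open_by_port(SAMPLE_NETSTAT).items()):
        print(f"port {port}: {n} half-open")
    # backlog_limit=5 is the figure from the message, not a measured value.
    print("saturated:", saturated_ports(SAMPLE_NETSTAT, backlog_limit=5))
```

A port that stays at its limit while legitimate clients time out points at the TCP/IP stack's backlog, not at the mail server listening on that port.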