
FreeBSD-SA-02:20-syncache/syncookies denial of service

by Nikola Strahija on April 17th, 2002

The SYN cache ("syncache") and SYN cookie mechanism ("syncookie") are features of the TCP/IP stack intended to improve resistance to a class of denial of service attacks known as SYN floods.

II. Problem Description

Two related problems with syncache were triggered when syncookies were

1) When a SYN was accepted via a syncookie, it used an uninitialized
pointer to find the TCP options for the new socket. This pointer may
be a null pointer, which will cause the machine to crash.

2) A syncache entry is created when a SYN arrives on a listen socket.
If the application which created the listen socket was killed and
restarted --- and therefore recreated the listen socket with a
different inpcb --- an ACK (or duplicate SYN) which later arrived and
matched the existing syncache entry would cause a reference to the old
inpcb pointer. Depending on the pointer's contents, this might result
in a system crash.

Because syncache/syncookies support was added prior to the release of
FreeBSD 4.5-RELEASE, no other releases are affected.
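As an added illustration, not code from FreeBSD or from the advisory, the following C model reproduces both failure modes above in a toy syncache and shows one defensive design for them: an entry re-validates its listener through a generation number instead of trusting a cached raw inpcb pointer (issue 2), and the TCP-options pointer is always initialised and checked before use (issue 1). All names (`listener`, `sc_entry`, `syncache_add`, `syncache_complete`, the constructed peer addresses) are hypothetical; the real kernel structures differ.

```c
/* Added example, not FreeBSD code: toy model of the two syncache defects in
 * FreeBSD-SA-02:20. Listener identity is checked by generation number rather
 * than a cached pointer; the options pointer is explicit and NULL-checked. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct listener {            /* stand-in for an inpcb bound to a listen port */
    int in_use; uint16_t port;
    uint32_t generation;     /* bumped every time this slot is (re)used */
};

struct sc_entry {            /* stand-in for a syncache entry */
    int         in_use;
    uint32_t    peer_ip;
    uint16_t    peer_port, local_port;
    int         listener_idx;         /* slot index, not a raw pointer */
    uint32_t    listener_generation;  /* listener's generation at SYN time */
    const char *tcp_opts;             /* parsed options; NULL when none */
};

static struct listener listeners[4];
static struct sc_entry syncache[8];
static uint32_t next_generation = 1;

/* Open a listening socket: take a free slot and give it a fresh generation. */
int listener_open(uint16_t port) {
    for (int i = 0; i < 4; i++) {
        if (listeners[i].in_use) continue;
        listeners[i].in_use = 1;
        listeners[i].port = port;
        listeners[i].generation = next_generation++;
        return i;
    }
    return -1;
}

/* Close it; the slot may be reused by a later listener (the advisory's case). */
void listener_close(int idx) { listeners[idx].in_use = 0; }

/* SYN arrives: cache it with a generation snapshot. opts may be NULL (nothing
 * recorded on the cookie path) and is stored explicitly, never left garbage. */
int syncache_add(uint32_t peer_ip, uint16_t peer_port, int lidx, const char *opts) {
    for (int i = 0; i < 8; i++) {
        if (syncache[i].in_use) continue;
        syncache[i] = (struct sc_entry){ 1, peer_ip, peer_port, listeners[lidx].port,
                                         lidx, listeners[lidx].generation, opts };
        return i;
    }
    return -1;
}

/* Completing ACK arrives. 1: connection may be created; 0: entry dropped
 * because its listener is gone or recycled; -1: no matching entry. */
int syncache_complete(uint32_t peer_ip, uint16_t peer_port, uint16_t local_port,
                      char *opts_out, size_t outlen) {
    for (int i = 0; i < 8; i++) {
        struct sc_entry *sc = &syncache[i];
        if (!sc->in_use || sc->peer_ip != peer_ip ||
            sc->peer_port != peer_port || sc->local_port != local_port)
            continue;
        struct listener *lp = &listeners[sc->listener_idx];
        /* Issue 2: honour the cached reference only while the slot still holds
         * the listener that received the SYN. */
        if (!lp->in_use || lp->generation != sc->listener_generation) {
            sc->in_use = 0; return 0;
        }
        /* Issue 1: check the options pointer rather than dereferencing it. */
        if (sc->tcp_opts) snprintf(opts_out, outlen, "%s", sc->tcp_opts);
        else if (outlen) opts_out[0] = '\0';
        sc->in_use = 0;
        return 1;
    }
    return -1;
}

static void reset(void) {
    memset(listeners, 0, sizeof listeners);
    memset(syncache, 0, sizeof syncache);
}

/* The advisory's sequence: SYN cached, daemon killed and restarted on the same
 * port (same slot, new generation), late ACK arrives. Returns 0 (dropped). */
int stale_listener_scenario(void) {
    char opts[32];
    reset();
    int l = listener_open(80);
    syncache_add(0x0A000001u, 40000, l, "mss 1460");   /* constructed peer 10.0.0.1 */
    listener_close(l); listener_open(80);
    return syncache_complete(0x0A000001u, 40000, 80, opts, sizeof opts);
}

/* Cookie-style completion with no recorded options: returns 1, empty options. */
int cookie_without_options_scenario(void) {
    char opts[32] = "stale";
    reset();
    int l = listener_open(80);
    syncache_add(0x0A000002u, 40001, l, NULL);         /* constructed peer 10.0.0.2 */
    int v = syncache_complete(0x0A000002u, 40001, 80, opts, sizeof opts);
    return (v == 1 && opts[0] == '\0') ? 1 : 0;
}
```

In this model `stale_listener_scenario()` returns 0: the late ACK is discarded because the slot now belongs to a different listener generation, whereas a design that stored the inpcb pointer directly would have followed it into the recycled object. `cookie_without_options_scenario()` returns 1 with an empty option string, the safe outcome for the first issue where the options pointer may legitimately be NULL.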

III. Impact

Legitimate TCP/IP traffic may cause the machine to crash.

IV. Workaround

The first issue described may be worked around by disabling syncookies
using sysctl. Issue the following command as root:

# sysctl -w net.inet.tcp.syncookies=0

However, there is no workaround for the second issue.

V. Solution

1) Upgrade your vulnerable system to 4.5-STABLE or the RELENG_4_5
security branch dated after the respective correction dates.

2) To patch your present system: download the relevant patch from the
below location, and execute the following commands as root:

# fetch
# fetch

This patch has been verified to apply to 4.5-RELEASE only.

Verify the detached PGP signature using your PGP utility.

Execute the following commands as root:

# cd /usr/src
# patch -p