Now and then I hack on the Linux kernel. These days I'm playing with the Linux TCP stack again, and I'm currently gearing up to help with the fine-grained SMP rewrite.
Currently I have available for your hacking pleasure a patch to the linux-2.0.29 kernel that implements the SYN cookie defense against SYN flood attacks. Apply the following patch to your kernel distribution and reconfigure the kernel. There will now be two new options under the networking options. One turns on SYN cookies; the other turns on a different defense algorithm called RST cookies. SYN cookies are probably better, but I kind of like RST cookies as well, so I included them for hack value.

This is an alpha-level release of this patch. It worked in my test setup, but that may not mean anything in the wider world. If you try it, please give me some feedback on its success or lack thereof. Eventually I'll port this forward to the 2.1.x series of kernels, but first I want to shake the bugs out of the 2.0.x implementation.

You can find out a bit more about SYN flooding by reading the CERT advisory. You can find out technical details about syncookies by reading the archives of the syncookies mailing list.
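To show what a SYN cookie defense actually does on the server side, here is an added, self-contained C example. It is not the patch's code and not the kernel's: the bit layout (5 bits of coarse time, 3 bits of MSS index, 24 bits of hash), the four-entry MSS table, the secret, and the sample flows are all constructed for the illustration, and FNV-1a stands in for the keyed cryptographic hash a real implementation would use. The point it demonstrates is the one that makes SYN cookies a flood defense: the server keeps no per-connection state after sending the SYN-ACK, because everything it needs to finish the handshake is recomputable from the client's ACK number, and a forged or stale ACK fails the check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Cookie layout used by this added example (the real patch's layout may differ):
 *   bits 31..27  coarse time counter, so a cookie expires after about two ticks
 *   bits 26..24  index into a small MSS table (the only SYN option remembered)
 *   bits 23..0   keyed hash over the 4-tuple, the counter and the MSS index
 */
#define COOKIE_TIME_SHIFT 27
#define COOKIE_TIME_MASK  0x1fu
#define COOKIE_MSS_SHIFT  24
#define COOKIE_MSS_MASK   0x7u
#define COOKIE_HASH_MASK  0x00ffffffu

struct flow {
    uint32_t saddr, daddr;   /* client and server addresses, host byte order */
    uint16_t sport, dport;   /* client and server ports */
};

/* MSS values a cookie can carry; constructed for the example. */
static const uint16_t mss_table[4] = { 536, 1024, 1460, 2920 };

/* Constructed secret. A deployment draws this from a random source at boot
 * and rotates it together with the time counter. */
static const uint8_t cookie_secret[16] = "example-secret!";

/* FNV-1a over secret || tuple || counter || mss index, folded to 32 bits.
 * FNV is not a MAC; it stands in for a keyed cryptographic hash only so the
 * example runs without dependencies. */
static uint32_t cookie_hash(const struct flow *f, uint32_t t, uint32_t mss_idx)
{
    uint8_t buf[sizeof cookie_secret + 4 + 4 + 2 + 2 + 4 + 4];
    size_t off = 0;
    uint64_t h = 14695981039346656037ULL;

    memcpy(buf + off, cookie_secret, sizeof cookie_secret); off += sizeof cookie_secret;
    memcpy(buf + off, &f->saddr, 4); off += 4;
    memcpy(buf + off, &f->daddr, 4); off += 4;
    memcpy(buf + off, &f->sport, 2); off += 2;
    memcpy(buf + off, &f->dport, 2); off += 2;
    memcpy(buf + off, &t, 4);        off += 4;
    memcpy(buf + off, &mss_idx, 4);  off += 4;

    for (size_t i = 0; i < off; i++) {
        h ^= buf[i];
        h *= 1099511628211ULL;
    }
    return (uint32_t)(h ^ (h >> 32));
}

/* Round the client's advertised MSS down to a table entry; return its index. */
static uint32_t mss_to_index(uint16_t mss)
{
    uint32_t idx = 0;
    for (uint32_t i = 0; i < 4; i++)
        if (mss_table[i] <= mss)
            idx = i;
    return idx;
}

/* Build the initial sequence number the server puts in its SYN-ACK.
 * 'now' is a coarse clock (e.g. minutes since boot); only its low 5 bits
 * are encoded. No state about the half-open connection is stored. */
uint32_t syn_cookie_make(const struct flow *f, uint16_t mss, uint32_t now)
{
    uint32_t t = now & COOKIE_TIME_MASK;
    uint32_t m = mss_to_index(mss);
    return (t << COOKIE_TIME_SHIFT) | (m << COOKIE_MSS_SHIFT)
         | (cookie_hash(f, t, m) & COOKIE_HASH_MASK);
}

/* Validate a cookie recovered from the client's ACK. Returns the MSS to use
 * for the new connection, or -1 if the cookie is forged or has expired. */
int syn_cookie_check(const struct flow *f, uint32_t cookie, uint32_t now)
{
    uint32_t t = (cookie >> COOKIE_TIME_SHIFT) & COOKIE_TIME_MASK;
    uint32_t m = (cookie >> COOKIE_MSS_SHIFT) & COOKIE_MSS_MASK;
    uint32_t age = (now - t) & COOKIE_TIME_MASK;   /* modular, survives wrap */

    if (age > 1)          /* issued more than one tick ago: stale */
        return -1;
    if (m >= 4)           /* index outside the MSS table: malformed */
        return -1;
    if ((cookie_hash(f, t, m) & COOKIE_HASH_MASK) != (cookie & COOKIE_HASH_MASK))
        return -1;        /* hash mismatch: not issued by us for this 4-tuple */
    return mss_table[m];
}

/* The client's ACK acknowledges ISN+1, so the cookie is ack_seq - 1. */
int syn_cookie_check_ack(const struct flow *f, uint32_t ack_seq, uint32_t now)
{
    return syn_cookie_check(f, ack_seq - 1, now);
}

/* Constructed sample flows for the demonstration. */
const struct flow sample_client = { 0x0a000002u, 0x0a000001u, 40000, 80 };
const struct flow sample_other  = { 0x0a000003u, 0x0a000001u, 40000, 80 };

int main(void)
{
    uint32_t isn = syn_cookie_make(&sample_client, 1460, 100);
    printf("cookie ISN: 0x%08x\n", isn);
    printf("same flow, same tick:        mss=%d\n", syn_cookie_check_ack(&sample_client, isn + 1, 100));
    printf("same flow, two ticks later:  mss=%d\n", syn_cookie_check_ack(&sample_client, isn + 1, 102));
    printf("different source address:    mss=%d\n", syn_cookie_check_ack(&sample_other, isn + 1, 100));
    return 0;
}
```

The two-tick window and the modular age computation are what let the server drop its half-open queue entirely: a flood of SYNs costs only the hash per SYN-ACK sent, and a later ACK is accepted only if it carries a cookie the server itself minted recently for exactly that 4-tuple. The price, visible in the layout, is that every SYN option except a coarse MSS is forgotten.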