[tech] hydra

Michael Deegan michael at ucc.gu.uwa.edu.au
Sat Sep 1 10:50:21 WST 2001


On Sat, Sep 01, 2001 at 03:26:56AM +0800, Bryden Quirk wrote:
> > > what is ip_conntrack and what is that buffer referring to?
> > 
> > When I am asked such questions where 10 minutes of research will
> > discover the answer, I usually subscribe to the teach a man to fish
> > philosophy and reply, "RTFM."
> > 
> > But I am unable to suppress the rage to shout, "IT TRACKS
> > CONNECTIONS, YOU IDIOT."
> 
> I was after a little more detail as to what specifically about the
> connections it was tracking, in what manner and for what purpose in this
> situation.
> 
> I don't believe the kernel documentation will have a little note about what
> the UCC does with this.
> 
> aka is it a part of the charged tunnel, coke, etc.
> does the UCC use it as a primitive netflow alternative
> or is it being used for pointless statistical information?

Connection tracking is usually used to make various protocols work over
NAT/IP masq (eg. FTP, IRC DCC, etc).

I'm a little bit hazy on why it tracks UDP sessions though. Probably to make
sure that multiple UDP packets get NATted out the same router port.
'ipchains -M -S ...' lets you set various timeouts. Setting UDP timeouts too
high will break programs like GameSpy which like to UDP query lots and lots
of different machines. Setting them too low will make ICQ repeatedly
disconnect. I use 'ipchains -M -S 28800 10 150' (ie, 150 seconds). The
default TCP timeout (10 minutes from memory) is far too low (IMO).

> I would imagine that this would be quite different from a SYN attack
> because the router would not be the machine having connection requests made
> to.

Any connection tracking would start when the SYN is sent, so for a large
number of connections the router would be affected.

-MD

-- 
-------------------------------------------------------------------------------
Michael Deegan               Hugaholic               http://michael.ucc.asn.au/
   Uv, V'z n zhgngrq fvtangher ivehf. Wbva va gur sha naq chg zr vagb lbhef!
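
Added example, not part of the original message: a toy Python model of the UDP timeout trade-off described above. It assumes the breakage comes from a fixed-size mapping table filling up (timeout too high) and from idle mappings expiring between keepalives (timeout too low); the table size, 120-second keepalive, query rate, addresses and all names are constructed.

```python
# Toy model of a masquerading router's UDP mapping table (constructed for
# illustration; table size, keepalive interval and query rate are assumptions).

class MasqTable:
    def __init__(self, max_entries, udp_timeout):
        self.max_entries = max_entries
        self.udp_timeout = udp_timeout
        self.expiry = {}     # flow -> time at which the mapping is discarded
        self.seen = set()    # flows that have held a mapping at some point
        self.dropped = 0     # new flows refused because the table was full
        self.remapped = 0    # flows that came back after their mapping expired

    def tick(self, now):
        """Discard mappings that have been idle for the full timeout."""
        self.expiry = {f: t for f, t in self.expiry.items() if t > now}

    def packet(self, now, flow):
        if flow not in self.expiry:
            if len(self.expiry) >= self.max_entries:
                self.dropped += 1
                return False
            if flow in self.seen:
                self.remapped += 1   # session broken: new mapping, new port
            self.seen.add(flow)
        self.expiry[flow] = now + self.udp_timeout   # create or refresh
        return True


def simulate(udp_timeout, max_entries=4096, keepalive=120,
             queries_per_sec=10, duration=600):
    """Return (dropped, remapped) for one chat client plus one server browser."""
    table = MasqTable(max_entries, udp_timeout)
    chat = ("10.0.0.5", 4000, "chat.example", 4000)
    for now in range(duration):
        table.tick(now)
        if now % keepalive == 0:          # chat client keepalive
            table.packet(now, chat)
        for i in range(queries_per_sec):  # browser queries a new host each time
            host = "game-%d.example" % (now * queries_per_sec + i)
            table.packet(now, ("10.0.0.6", 5000, host, 27015))
    return table.dropped, table.remapped


if __name__ == "__main__":
    for timeout in (10, 150, 3600):
        print(timeout, simulate(timeout))
```

In this model a 10-second timeout forces the chat flow to be remapped at every keepalive, a 3600-second timeout fills the table and refuses new queries, and 150 seconds does neither.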


