Re: [fw-wiz] SYN flood protection strategies (Was: Post connection SYN)

• Previous message: Damian Gerow: "Re: [fw-wiz] Spamming, 'hidden' mail server"
• In reply to: Mikael Olsson: "Re: [fw-wiz] SYN flood protection strategies (Was: Post connection SYN)"
• Next in thread: Paul Robertson: "Re: [fw-wiz] SYN flood protection strategies (Was: Post connection SYN)"
• Reply: Paul Robertson: "Re: [fw-wiz] SYN flood protection strategies (Was: Post connection SYN)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Fri, 17 Oct 2003 12:47:51 -0400

On Friday, October 17, 2003, at 11:40 AM, Mikael Olsson wrote:
[ ... ]
> Yes, there are TCP stacks that handle SYN floods much better than
> what I described above (the linux crowd will undoubtedly cheer in with
> "all the world is a linux box!" here), but those that do handle it well
> enough on their own simply don't need the firewall to do SYN flood
> protection for them -- right?

Yes and no. It's becoming more common for systems to handle SYN floods
well via mechanisms like net.inet.tcp.syncookies, but the farther
upstream you can block or apply traffic prioritization/QoS, the better.
  Handling SYN floods at the firewall lets you conserve internal LAN
bandwidth even if your Internet pipe(s) are still going to suffer.

-- 
-Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Damian Gerow: "Re: [fw-wiz] Spamming, 'hidden' mail server"
• In reply to: Mikael Olsson: "Re: [fw-wiz] SYN flood protection strategies (Was: Post connection SYN)"
• Next in thread: Paul Robertson: "Re: [fw-wiz] SYN flood protection strategies (Was: Post connection SYN)"
• Reply: Paul Robertson: "Re: [fw-wiz] SYN flood protection strategies (Was: Post connection SYN)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Syn Attacks: Metabase entries (w3svc/ServerListenBacklog) & Backlog parameters ... PS regarding syn floods, the typical advice I see stops at the registry ... with these Windows settings is to be less vulnerable, ... >> pending SYN connections that a Windows computer or other device can keep ... >> as searching a variety of firewall manufacturer web sites to see some ... (microsoft.public.inetserver.iis.security) Re: Syn Attacks: Metabase entries (w3svc/ServerListenBacklog) & Backlog parameters ... > connections takes more memory and performance from the device or computer, ... but it's probably more effective to have a device [e.g. a firewall] ... > that use it, such as intrusion.com, etc] can deal with SYN floods: ... >> the same parameter) that are covered in the RFCs. ... (microsoft.public.inetserver.iis.security) Re: half open sync flood and firewall ... >> I'm searching a firewall to protect my server from the ... >> A free firewall would be perfect. ... that detects Syn floods. ... features you need come with the free version or if you need the pro. ... (microsoft.public.security)