Re: FreeBSD firewall block syn flood attack
From: Avleen Vig (lists-freebsd_at_silverwraith.com)
Date: 05/20/03
- Previous message: Ryan James: "FreeBSD firewall block syn flood attack"
- In reply to: Ryan James: "FreeBSD firewall block syn flood attack"
- Next in thread: G.P. de Boer: "Re: FreeBSD firewall block syn flood attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 20 May 2003 00:34:24 -0700 To: Ryan James <ryan@mac2.net>
On Tue, May 20, 2003 at 01:52:00AM -0500, Ryan James wrote:
> Hello,
> I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and
> the internet. The servers are being attacked with syn floods and go down
> multiple times a day.
>
> The 7 servers belong to a client, who runs redhat.
> I am trying to find a way to do some kind of syn flood protection inside the
> firewall.
SYN floods are difficult to "protect" against.
In the past, the only way I have been able to deal with them is to block
all communication to the hosts being attacked, and allow communication
again when the attack ends.
The difficulty comes in when the attacker realises that you are
effectively combatting the attack, and then proceeds to increase the
ferocity of the attack until either all of our bandwidth is consumed, or
your network equipment cannot handle the rate of packets coming in.
Best thing to do is just take the hosts off the network. I normally use
packet filter rules to achieve this.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Ryan James: "FreeBSD firewall block syn flood attack"
- In reply to: Ryan James: "FreeBSD firewall block syn flood attack"
- Next in thread: G.P. de Boer: "Re: FreeBSD firewall block syn flood attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
