Re: FreeBSD firewall block syn flood attack

• Previous message: jeremie le-hen: "Re: FreeBSD firewall block syn flood attack"
• In reply to: Ryan James: "FreeBSD firewall block syn flood attack"
• Next in thread: James Ainslie: "Re: FreeBSD firewall block syn flood attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 20 May 2003 07:36:17 -0500
To: Ryan James <ryan@mac2.net>

Ryan James wrote:
>
> Hello,
>
> I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and
> the internet. The servers are being attacked with syn floods and go down
> multiple times a day.
>
> The 7 servers belong to a client, who runs redhat.
>
> I am trying to find a way to do some kind of syn flood protection inside the
> firewall.
>
> Any suggestions would be greatly appreciated.

Wouldn't syn cookies help in this situation? Since the firewall is a
bridge, you would have to enable syn cookies on the affected redhat box.

According to this link: http://cr.yp.to/syncookies.html
linux supports syn cookies. ' echo 1 > /proc/sys/net/ipv4/tcp_syncookies
' but are not enabled by default. I believe they are enabled by default
on FreeBSD. :)

Otherwise to use syn cookies at the firewall, the firewall would have to
have syn cookies enabled(sysctl variable net.inet.tcp.syncookies) and
nat the incoming traffic.

I haven't done any testing of syn cookies' protection against syn floods
but it is what they were designed for. :)

good luck,
  greg
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: jeremie le-hen: "Re: FreeBSD firewall block syn flood attack"
• In reply to: Ryan James: "FreeBSD firewall block syn flood attack"
• Next in thread: James Ainslie: "Re: FreeBSD firewall block syn flood attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]