Re: FreeBSD firewall block syn flood attack

• Previous message: Greg Panula: "Re: FreeBSD firewall block syn flood attack"
• In reply to: jeremie le-hen: "Re: FreeBSD firewall block syn flood attack"
• Next in thread: Brett Glass: "Re: FreeBSD firewall block syn flood attack"
• Reply: Brett Glass: "Re: FreeBSD firewall block syn flood attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 20 May 2003 08:45:34 -0500 (CDT)
To: jeremie le-hen <le-hen_j@epita.fr>

On Tue, 20 May 2003, jeremie le-hen wrote:

> Note that in fact, this might be achieved on your firewall (FreeBSD also
> supports syncookies), but this would imply TCP SYN to be received by the
> firewall itself, which in turn would forward the TCP connection to the
> appropriate server once the connection would be fully established.
> (I think a simple TCP tunnel with a NAT redirection to localhost should
> work.)
>
> Regards,
> --
> Jeremie aka TtZ/TataZ
> jeremie.le-hen@epita.fr

You could certainly pull that off with an application level proxy, but the
disadvantage would be that the server would no longer be able to determine
the source IP of the machines connecting to it.

It would be possible to add the syncache / syncookies to ipfw so that it
could be used to protect hosts behind it, but I don't think anyone has
tried an implementation of that yet.

Mike "Silby" Silbersack
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Greg Panula: "Re: FreeBSD firewall block syn flood attack"
• In reply to: jeremie le-hen: "Re: FreeBSD firewall block syn flood attack"
• Next in thread: Brett Glass: "Re: FreeBSD firewall block syn flood attack"
• Reply: Brett Glass: "Re: FreeBSD firewall block syn flood attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]