Re: FreeBSD firewall block syn flood attack

From: Brett Glass (brett_at_lariat.org)
Date: 05/22/03

  • Next message: Jer: "NAT+IPFW"

Date: Wed, 21 May 2003 23:53:54 -0600
To: Mike Silbersack <silby@silby.com>, jeremie le-hen <le-hen_j@epita.fr>

At 07:45 AM 5/20/2003, Mike Silbersack wrote:

>It would be possible to add the syncache / syncookies to ipfw so that it
>could be used to protect hosts behind it, but I don't think anyone has
>tried an implementation of that yet.

This would require the creation of a general transparent TCP proxy
which did the 3-way handshake and then connected to the internal
host only if the handshake succeeded. Trouble is, it would need
to translate sequence numbers throughout the entire session.
Could be done with divert sockets and a daemon like natd, I
imagine.

--Brett

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
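The sequence-number translation Brett describes, modelled as an added example (not code from the original post or from FreeBSD): the proxy answers the client's SYN with its own ISN, opens the backend connection only after the client's ACK validates, and then rewrites the numbers tied to the server's ISN in every later segment. All ISNs and segment values below are constructed.

```python
MOD = 1 << 32  # TCP sequence numbers wrap at 2^32


class SynProxySession:
    """One client<->server session passing through a transparent SYN proxy.

    The proxy completes the three-way handshake with the client itself, using
    its own ISN (proxy_isn), and only opens the real connection to the
    protected server once the client's final ACK proves it is reachable.  The
    proxy reuses the client's ISN toward the server, so client->server
    sequence numbers pass through unchanged; everything tied to the server's
    ISN (server_isn) has to be rewritten for the rest of the session.
    """

    def __init__(self, client_isn, proxy_isn):
        self.client_isn = client_isn
        self.proxy_isn = proxy_isn
        self.server_isn = None
        self.delta = 0

    def client_ack_valid(self, ack):
        # A spoofed-source SYN never yields this ACK, so no server state is used.
        return ack == (self.proxy_isn + 1) % MOD

    def server_synack(self, server_isn):
        # Backend handshake done: record the offset between the two ISNs.
        self.server_isn = server_isn
        self.delta = (self.proxy_isn - server_isn) % MOD

    def to_server(self, seq, ack):
        """client->server: seq passes through, ack re-based onto the server ISN."""
        return seq, (ack - self.delta) % MOD

    def to_client(self, seq, ack):
        """server->client: seq re-based onto the proxy ISN, ack passes through."""
        return (seq + self.delta) % MOD, ack


def relay_session(client_isn, proxy_isn, server_isn, ack_from_client):
    """Run a constructed exchange and return the translated data segments."""
    s = SynProxySession(client_isn, proxy_isn)
    if not s.client_ack_valid(ack_from_client):
        return None  # handshake never completed: nothing reaches the server
    s.server_synack(server_isn)
    # Client sends 100 bytes, server replies with 200 bytes (constructed values).
    c_seq, c_ack = s.to_server(client_isn + 1, (proxy_isn + 1) % MOD)
    srv_seq, srv_ack = s.to_client((server_isn + 1) % MOD, client_isn + 101)
    return {"to_server": (c_seq, c_ack), "to_client": (srv_seq, srv_ack)}
```

The wrap-around arithmetic matters because the two ISNs are independent random values, so the offset between them can straddle 2^32.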
