Re: FreeBSD firewall block syn flood attack
From: James Ainslie (james_at_starjuice.net)
Date: 05/20/03
- Previous message: Nickolay A. Kritsky: "ip_input.c"
- In reply to: Ryan James: "FreeBSD firewall block syn flood attack"
Date: Tue, 20 May 2003 09:37:50 +0200
To: Ryan James <ryan@mac2.net>

On (2003/05/20 01:52), Ryan James wrote:
> Hello,
>
> I currently have a FreeBSD 4.8 bridge firewall that sits between 7 servers and
> the internet. The servers are being attacked with syn floods and go down
> multiple times a day.
>
> The 7 servers belong to a client, who runs redhat.
>
> I am trying to find a way to do some kind of syn flood protection inside the
> firewall.
You could use snort quite effectively here. You can set up snort to act
as an active packet filter, in conjunction with a firewall.

Then obtain a few signature packets and craft a snort rule to activate
the dropping of these packets. The problem with using an IDS in line
with a firewall is that you run the horrible risk of false positives.
Proceed with extreme caution. :)

Hope that helps.

James.
--
James Ainslie
Systems Administrator
"Power corrupts, and absolute power corrupts absolutely" Lord Acton
So who says FreeBSD isn't a corrupt OS?
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
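
Added example, not part of the original message: a sketch of the workflow the reply describes, deriving a drop signature from a few captured flood SYNs and checking it against legitimate SYNs before it goes in line. All packet values are constructed, and the field and function names are hypothetical.

```python
# Added example: every packet below is constructed sample data, not real traffic.
# "mss": None means the SYN carried no MSS option.

# SYN headers captured while the flood was running (constructed).
FLOOD = [
    {"ttl": 238, "window": 16384, "ip_id": 0, "mss": None, "sport": 1042},
    {"ttl": 238, "window": 16384, "ip_id": 0, "mss": None, "sport": 3319},
    {"ttl": 238, "window": 16384, "ip_id": 0, "mss": None, "sport": 2051},
]

# SYN headers from known-good clients of the same servers (constructed).
BENIGN = [
    {"ttl": 52, "window": 5840, "ip_id": 4411, "mss": 1460, "sport": 33012},
    {"ttl": 115, "window": 16384, "ip_id": 9120, "mss": 1460, "sport": 1187},
    {"ttl": 49, "window": 65535, "ip_id": 771, "mss": 1460, "sport": 49211},
    {"ttl": 57, "window": 5840, "ip_id": 20313, "mss": 1380, "sport": 40122},
]


def invariant_fields(samples):
    """Return the header fields whose value is identical in every sample."""
    first = samples[0]
    return {k: v for k, v in first.items()
            if all(pkt[k] == v for pkt in samples[1:])}


def matches(signature, pkt):
    """True when the packet agrees with every field in the signature."""
    return all(pkt[k] == v for k, v in signature.items())


def match_rate(signature, packets):
    """Fraction of packets the signature would drop."""
    return sum(matches(signature, p) for p in packets) / len(packets)


if __name__ == "__main__":
    tight = invariant_fields(FLOOD)   # all fields the flood samples share
    loose = {"window": 16384}         # a signature built on a single field
    for name, sig in (("tight", tight), ("loose", loose)):
        print(f"{name}: {sig}")
        print(f"  flood dropped:  {match_rate(sig, FLOOD):.0%}")
        print(f"  benign dropped: {match_rate(sig, BENIGN):.0%}")
```

A signature keyed on one common field drops a legitimate client in this sample set, which is the false-positive risk the reply warns about; a larger benign sample is needed before trusting any rule in line.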