RE: Preveting DDOS Syn floods on HTTP servers

From: Fernando Gont (fernando_at_gont.com.ar)
Date: 03/17/04

  • Next message: Vladimir B. Kropotov: "Crypto implementation for public use (was: RE[2]: Storing an encryption key in CMOS)" 
    Date: Wed, 17 Mar 2004 01:10:58 -0300
To: QMARTIN_M=2E_B=E9noni=22?= <benoni_martin@hotmail.com>, nabi1@securology.org, security-basics@securityfocus.com

    At 16:22 09/03/2004 +0000, MARTIN M. Bénoni wrote:

    >Well, I do not know IIS, but on Apache tehere are a couple of options
    >which can help preventing from DDOS attacks. Here are a buch of examples:
    >- KeepAlive
    >- MaxKeepAliveRequests
    >- KeepAliveTimeout
    >- ...
    >
    >I will not say you will or will not, I think you can just HELP PREVENTING!

    Why should it help?
    TCP's keepalive was meant to clean the system from half open connections.
    So it should keick in *fter* a connection has been established, which is
    not the case of a SYN flood or a reflection attack, as the connections
    never get established.

    For SYN flood, you should enable syncookies. 

    --
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
  • Next message: Vladimir B. Kropotov: "Crypto implementation for public use (was: RE[2]: Storing an encryption key in CMOS)"