Re: Dos attack

From: Jose Maria Lopez Hernandez (jkerouac_at_bgsec.com)
Date: 08/26/04


Date: Thu, 26 Aug 2004 16:37:20 +0200

Sandro Mangovski wrote:
> On Wed, 25 Aug 2004 04:23:22 +0200, Jose Maria Lopez Hernandez wrote:
>
>
>>This solution is good if you don't have to accept incoming
>>connections, but if you have to then it's a bit harder.
>
>
> Why is that? You could set the default policy of the INPUT chain to DROP, and
> then match the needed ports by setting up rules in the chain. That is the usual
> practice. :) Except for dport matching, you need to let ESTABLISHED and RELATED
> connections in, and that is it. Regards,
>

I was talking about rejecting attacks like the SYN portscans from
nmap, where it's very difficult to check if it's a real connection
or a portscan. I know it's not a real danger, because you would need
a huge amount of SYNs to make a DOS (maybe a DDOS).

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                 -- Jack Kerouac, "On the Road"

