Re: Anything wrong with blocking "new" SYN/ACK packets?
- From: BlackHole <BlackHole@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 20 Oct 2007 16:52:54 -0500
> On 2007-10-19, Ansgar -59cobalt- Wiechers <usenet-2007@xxxxxxxxxxxxxxxx> wrote:
> BlackHole <BlackHole@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> I was reading about these "distributed reflective denial of service"
>> attacks (spray a ton of IPs with spoofed syn packets and they all hit
>> the target with syn/ack's) and I was wondering:
>> 1. Would it not be possible to just block syn/ack packets that have
>> the state: NEW
> Yes (depending on your packet filter, that is).
>> or would a legitimate syn/ack have that state anyway?
> No.
>> 2. If it's possible to just block those is there any reason why I would
>> NOT want to do that?
> No.
> cu
> 59cobalt
Cool, well there's one more defense added to my arsenal of iptables rules
;-)
Thanks
--
~/Blackhole Registered Linux User #420119 (http://counter.li.org)
AMD Athlon64/3200 2046mb pc3200 DDR400, (2) 300gb SATA, 256mb GeForce 6200
Gentoo 2007.0 (Gentoo is the best...)
"A computer is like an air conditioner, it stops working when you open Windows"
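As an added illustration (not part of the thread, and not anyone's production ruleset): a small model of how a connection tracker decides whether an inbound SYN/ACK belongs to a connection the host opened, plus the rule the thread arrives at. The addresses, ports and the `Conntrack` class are constructed for the example. It follows the thread's premise that an unsolicited SYN/ACK is seen as NEW; on current netfilter the TCP tracker may instead report such a packet as INVALID, so the rule string also matches INVALID as a caveat.

```python
# Added example: model of conntrack's view of SYN/ACK segments (constructed,
# not from the thread). Assumes the thread's premise that an unsolicited
# SYN/ACK is NEW; current kernels may classify it INVALID instead.

SYN, ACK = 0x02, 0x10

class Conntrack:
    """Remembers outbound SYNs so replies can be matched (constructed model)."""
    def __init__(self):
        self.sent_syn = set()          # (src, sport, dst, dport) we opened

    def outbound(self, src, sport, dst, dport, flags):
        if flags == SYN:               # our own connection attempt
            self.sent_syn.add((src, sport, dst, dport))

    def state(self, src, sport, dst, dport):
        # An inbound packet is a reply if its reversed 4-tuple is one we opened.
        if (dst, dport, src, sport) in self.sent_syn:
            return "ESTABLISHED"
        return "NEW"

def verdict(ct, pkt):
    """Drop a SYN/ACK that does not answer a connection this host opened."""
    st = ct.state(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    if pkt["flags"] == SYN | ACK and st != "ESTABLISHED":
        return "DROP"
    return "ACCEPT"

def demo():
    """Returns (verdict for a legitimate SYN/ACK, verdict for a reflected one)."""
    ct = Conntrack()
    me, srv, reflector = "192.0.2.10", "198.51.100.5", "203.0.113.7"
    # We open a connection: our SYN goes out, the server's SYN/ACK comes back.
    ct.outbound(me, 40000, srv, 443, SYN)
    legit = {"src": srv, "sport": 443, "dst": me, "dport": 40000,
             "flags": SYN | ACK}
    # A reflector answers a SYN that someone else spoofed with our address:
    # no matching entry exists, so the SYN/ACK is unsolicited.
    reflected = {"src": reflector, "sport": 80, "dst": me, "dport": 5555,
                 "flags": SYN | ACK}
    return verdict(ct, legit), verdict(ct, reflected)

# The iptables rule the thread describes (NEW), with INVALID added for the
# kernels that classify an unsolicited SYN/ACK that way instead.
IPTABLES_RULE = ("iptables -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK "
                 "-m conntrack --ctstate NEW,INVALID -j DROP")

if __name__ == "__main__":
    print(demo())   # ('ACCEPT', 'DROP')
```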