SYN Attacks - how i cant stop it
JJB
Barbish3 at adelphia.net
Fri Feb 13 07:51:17 PST 2004
You talk about the net.inet.tcp.syncookies=1 knob,
how about an description on what it does and why you
are recommending using it.
How would one go about mirroring back the attackers
syn packets to port 80 or 22?
Please describe this easy method of yours.
-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Anton
Alin-Adrian
Sent: Friday, February 13, 2004 10:27 AM
To: freebsd-questions at freebsd.org
Cc: freebsd-security at freebsd.org
Subject: Re: SYN Attacks - how i cant stop it
Most important, you did turn on syncookies, did you not?
FreeBSD is pretty immune to syn floods. As for out of bandwidth,
this
has to do with your uplink and how much you pay for your traffic.
root# sysctl net.inet.tcp.syncookies
If it is not set to one, then do:
root# sysctl net.inet.tcp.syncookies=1
Also edit /etc/sysctl.conf to contain net.inet.tcp.syncookies=1.
A reboot would clear the tcp stack. You can't reboot remotely if
kernel
securelevel is enabled in /etc/rc.conf.
If you don't have firewall support compiled in the kernel, kldload
ipfw.
Might be a good lesson to mirror back all incoming syn packets from
the
attacker's IP to him. To port 80, or 22, or to some any other open
port.
You can do that easely with ipfw.
--
Alin-Adrian Anton
Reversed Hell Networks
GPG keyID 0x1E2FFF2E (2963 0C11 1AF1 96F6 0030 6EE9 D323 639D 1E2F
FF2E)
gpg --keyserver pgp.mit.edu --recv-keys 1E2FFF2E
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list