syn flood, tcpdump readings (Tom Huppi)

B O'Reilly ryanfirst at
Fri Aug 15 15:03:21 UTC 2008

Tom, start by hardening the server (I know this isn't pf-specific, but it
needs to be done).

Link for hardening FreeBSD - Enable the
"configure FreeBSD to drop SYN/FIN packets:" and monitor the results.

Drop known garbage using pf, e.g.:

block drop in quick from <garbage> to any

Ports to look into - lockdown and mod_security. I use the denyhost database
to drop any connections from the list for a 24 hr period.
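
The rule above needs a table definition and some way of ageing entries out. The following pf.conf fragment is an added example, not part of the original post; the file path /etc/pf.garbage and the address 192.0.2.10 are assumptions made for illustration.

```pf
# /etc/pf.conf fragment (added example; the path below is an assumption)

# "persist" keeps the table in memory even when no rule references it, so
# addresses can be added and expired at run time without reloading the
# ruleset. The file (one address or CIDR block per line) seeds the table
# whenever the ruleset is loaded.
table <garbage> persist file "/etc/pf.garbage"

# Rule from the post: drop silently (no RST or ICMP reply); "quick" stops
# rule evaluation at the first match. Place it ahead of any pass rules.
block drop in quick from <garbage> to any

# Run-time maintenance, as root (for example from cron):
#
#   pfctl -t garbage -T add -f /etc/pf.garbage   # merge in new entries
#   pfctl -t garbage -T expire 86400             # remove entries older than 24 h
#   pfctl -t garbage -T show                     # list the current contents
#   pfctl -t garbage -T test 192.0.2.10          # check whether one address matches
#
# Use "add" rather than "replace" for the periodic merge: addresses that are
# already in the table keep their original timestamps, so "expire" still
# ages them out on schedule.
```

Reloading the ruleset re-seeds the table from the file, so remove stale addresses from /etc/pf.garbage as well or they return on the next load.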


