syn flood, tcpdump readings (Tom Huppi)
ryanfirst at sympatico.ca
Fri Aug 15 15:03:21 UTC 2008
Tom, start by hardening the server (I know this isn't pf specific, but it
needs to be done).
Link for hardening FreeBSD -
http://www.bsdguides.org/guides/freebsd/security/harden.php. Enable the
"configure FreeBSD to drop SYN/FIN packets:" and monitor the results.
Drop known garbage using pf, e.g.:
block drop in quick from <garbage> to any
Ports to look into - lockdown and mod_security. I use the denyhost database
to drop any connections from the list for a 24 hr period.
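
Added example, not part of the original post: one way to keep the <garbage> table filled from a DenyHosts-style list and age entries out after 24 hours. The hosts.deny-style input format, the file path, the ALLOW variable and the function names are assumptions.

```sh
#!/bin/sh
# Assumed pf.conf lines (only the block rule is from the post):
#   table <garbage> persist
#   block drop in quick from <garbage> to any
DENY_FILE="${DENY_FILE:-/etc/hosts.deniedssh}"  # assumed path of the deny list
TABLE="garbage"
MAX_AGE=86400                                   # 24 hours, in seconds
ALLOW="${ALLOW:-}"                              # space-separated addresses never to block

# Read hosts.deny-style lines ("service: address") on stdin and print each
# valid, non-allowlisted IPv4 address once. Hostnames and malformed entries
# are skipped so they never reach pfctl.
extract_addrs() {
    awk -F'[: \t]+' -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        { sub(/^[ \t]+/, "") }            # tolerate indented entries
        /^#/ || NF < 2 { next }           # comments, blank or short lines
        {
            addr = $2
            if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(addr, o, ".")
            for (i = 1; i <= 4; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) next
            if (!(addr in skip) && !seen[addr]++) print addr
        }'
}

# Load the extracted addresses into the table, then delete entries older
# than MAX_AGE. Needs root and a running pf; call it from cron.
sync_table() {
    tmp=$(mktemp) || return 1
    extract_addrs < "$DENY_FILE" > "$tmp" &&
        pfctl -t "$TABLE" -T add -f "$tmp" &&
        pfctl -t "$TABLE" -T expire "$MAX_AGE"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

An address that is still in the deny list when its table entry expires is added again on the next run.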