SYN Attacks - how i cant stop it
Barbish3 at adelphia.net
Fri Feb 13 07:51:17 PST 2004
You talk about the net.inet.tcp.syncookies=1 knob,
how about an description on what it does and why you
are recommending using it.
How would one go about mirroring back the attackers
syn packets to port 80 or 22?
Please describe this easy method of yours.
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Anton
Sent: Friday, February 13, 2004 10:27 AM
To: freebsd-questions at freebsd.org
Cc: freebsd-security at freebsd.org
Subject: Re: SYN Attacks - how i cant stop it
Most important, you did turn on syncookies, did you not?
FreeBSD is pretty immune to syn floods. As for out of bandwidth,
has to do with your uplink and how much you pay for your traffic.
root# sysctl net.inet.tcp.syncookies
If it is not set to one, then do:
root# sysctl net.inet.tcp.syncookies=1
Also edit /etc/sysctl.conf to contain net.inet.tcp.syncookies=1.
A reboot would clear the tcp stack. You can't reboot remotely if
securelevel is enabled in /etc/rc.conf.
If you don't have firewall support compiled in the kernel, kldload
Might be a good lesson to mirror back all incoming syn packets from
attacker's IP to him. To port 80, or 22, or to some any other open
You can do that easely with ipfw.
Reversed Hell Networks
GPG keyID 0x1E2FFF2E (2963 0C11 1AF1 96F6 0030 6EE9 D323 639D 1E2F
gpg --keyserver pgp.mit.edu --recv-keys 1E2FFF2E
freebsd-questions at freebsd.org mailing list
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions