FreeBSD firewall block syn flood attack
Greg Panula
greg.panula at dolaninformation.com
Tue May 20 05:36:22 PDT 2003
Ryan James wrote:
>
> Hello,
>
> I currently have a FreeBSD 4.8 bridge firewall that sits between 7 servers and
> the internet. The servers are being attacked with syn floods and go down
> multiple times a day.
>
> The 7 servers belong to a client, who runs redhat.
>
> I am trying to find a way to do some kind of syn flood protection inside the
> firewall.
>
> Any suggestions would be greatly appreciated.
Wouldn't syn cookies help in this situation? Since the firewall is a
bridge, you would have to enable syn cookies on the affected redhat box.
According to this link: http://cr.yp.to/syncookies.html
Linux supports syn cookies ('echo 1 > /proc/sys/net/ipv4/tcp_syncookies'),
but they are not enabled by default. I believe they are enabled by default
on FreeBSD. :)
Otherwise, to use syn cookies at the firewall, the firewall would have to
have syn cookies enabled (sysctl variable net.inet.tcp.syncookies) and
NAT the incoming traffic.
I haven't done any testing of syn cookies' protection against syn floods
but it is what they were designed for. :)
good luck,
greg
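The two knobs mentioned in the reply above (the Linux /proc file and the FreeBSD sysctl) are easy to set, but the practitioner's follow-up question is whether the cookies are actually firing during the flood. The script below is an added example, not code from the original thread or its authors. It reads the Linux sysctl value, looks the SYN-cookie counters up by name in the TcpExt block of /proc/net/netstat (the column order is not fixed across kernels, so hard-coding a column is a bug), and has a FreeBSD check for the firewall side. The file paths are the real kernel ones; the sample sysctl and netstat files it writes into a temp directory, and the counter values in them, are constructed for the example.

```shell
#!/bin/sh
# Added example for the thread above, not code from the original post.
# Checks whether SYN cookies are enabled on the flooded host and reads the
# kernel's SYN-cookie counters, so you can confirm the cookies are being
# used while the flood is running rather than just assuming it.
#
# Linux: /proc/sys/net/ipv4/tcp_syncookies (0 = off, 1 = on when the SYN
#        backlog overflows, 2 = always on) and the TcpExt counters
#        SyncookiesSent / SyncookiesRecv / SyncookiesFailed in /proc/net/netstat.
# FreeBSD: sysctl net.inet.tcp.syncookies (0/1); the syncache/cookie
#        counters are in "netstat -s -p tcp".

# Return 0 if the Linux sysctl value means cookies are on, 1 if off,
# 2 if the file cannot be read. The optional path argument lets the
# check run against a saved copy of the file.
linux_syncookies_enabled() {
    _file="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    [ -r "$_file" ] || return 2
    case "$(cat "$_file")" in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print one TcpExt counter (e.g. SyncookiesSent) from a /proc/net/netstat
# style file: the first "TcpExt:" line is the header, the second holds the
# values. Prints nothing if the counter name is not present.
tcpext_counter() {
    _name="$1"
    _file="${2:-/proc/net/netstat}"
    awk -v want="$_name" '
        $1 == "TcpExt:" && !hdr { for (i = 2; i <= NF; i++) if ($i == want) col = i; hdr = 1; next }
        $1 == "TcpExt:" && col  { print $col; exit }
    ' "$_file"
}

# FreeBSD side (the bridge firewall in the thread): 0 = on, 1 = off, 2 = no such sysctl.
freebsd_syncookies_enabled() {
    _v=$(sysctl -n net.inet.tcp.syncookies 2>/dev/null) || return 2
    [ "$_v" = "1" ]
}

# Turn cookies on for the running Linux kernel and persist the setting.
# Needs root. On FreeBSD the matching line is net.inet.tcp.syncookies=1
# in /etc/sysctl.conf.
linux_enable_syncookies() {
    sysctl -w net.ipv4.tcp_syncookies=1 || return 1
    if ! grep -q '^net\.ipv4\.tcp_syncookies' /etc/sysctl.conf 2>/dev/null; then
        echo 'net.ipv4.tcp_syncookies = 1' >> /etc/sysctl.conf
    fi
}

# One-line summary from a sysctl file and a netstat file. Returns 0 only
# if cookies are on AND at least one cookie has been sent, i.e. the
# backlog has overflowed and the mechanism is actually in use.
syncookie_report() {
    _sysctl_file="$1"; _netstat_file="$2"
    if linux_syncookies_enabled "$_sysctl_file"; then _state=on; else _state=off; fi
    _sent=$(tcpext_counter SyncookiesSent "$_netstat_file")
    _recv=$(tcpext_counter SyncookiesRecv "$_netstat_file")
    _fail=$(tcpext_counter SyncookiesFailed "$_netstat_file")
    echo "syncookies=$_state sent=${_sent:-?} recv=${_recv:-?} failed=${_fail:-?}"
    [ "$_state" = on ] && [ "${_sent:-0}" -gt 0 ]
}

# Constructed sample of the two files in the real layout, so the script can
# be exercised offline; the counter values are made up for this example.
SAMPLE_DIR=$(mktemp -d)
printf '1\n' > "$SAMPLE_DIR/tcp_syncookies"
cat > "$SAMPLE_DIR/netstat" <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts PruneCalled
TcpExt: 48213 1907 112 0 0
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
EOF

# Report on the constructed sample, then on the live host if readable.
syncookie_report "$SAMPLE_DIR/tcp_syncookies" "$SAMPLE_DIR/netstat"
if [ -r /proc/net/netstat ]; then
    syncookie_report /proc/sys/net/ipv4/tcp_syncookies /proc/net/netstat
fi
```

A large SyncookiesSent with a small SyncookiesRecv is the normal picture under a spoofed flood: cookies go out to addresses that never complete the handshake, and only real clients return one. A rising SyncookiesFailed means completed handshakes are arriving with cookies that no longer validate, which happens when the flood is long enough that the cookie's timestamp window has passed; that is a sign to look at the backlog size as well, not just the cookie switch.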