FreeBSD firewall block syn flood attack
James Ainslie
james at starjuice.net
Tue May 20 01:15:05 PDT 2003
On (2003/05/20 01:52), Ryan James wrote:
> Hello,
>
> I currently have a FreeBSD 4.8 bridge firewall that sits between 7 servers and
> the internet. The servers are being attacked with syn floods and go down
> multiple times a day.
>
> The 7 servers belong to a client, who runs redhat.
>
> I am trying to find a way to do some kind of syn flood protection inside the
> firewall.
You could use snort quite effectively here. You can set up snort to act
as an active packet filter, in conjunction with a firewall.
Then obtain a few signature packets and craft a snort rule to activate
the dropping of these packets. The problem with using an IDS in line
with a firewall is that you run the horrible risk of false positives.
Proceed with extreme caution. :)
Hope that helps.
James.
--
James Ainslie
Systems Administrator
"Power corrupts, and absolute power corrupts absolutely"
Lord Acton
So who says FreeBSD isn't a corrupt OS?
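
The signature-versus-false-positive trade-off raised in the reply above, as an added example that is not part of the original thread and is not Snort rule syntax: it derives a match signature from a few flood packets and counts how many legitimate packets the same signature would drop. All packets, addresses and field names are constructed for illustration.

```python
# Constructed sample data: header fields of TCP packets seen at the bridge.
# Addresses are documentation ranges; none of this is real captured traffic.
FLOOD_SAMPLES = [
    {"src": "198.51.100.7", "flags": "S", "window": 512, "options": ()},
    {"src": "203.0.113.91", "flags": "S", "window": 512, "options": ()},
    {"src": "198.51.100.44", "flags": "S", "window": 512, "options": ()},
]
LEGIT_SAMPLES = [
    {"src": "192.0.2.10", "flags": "S", "window": 5840,
     "options": ("mss", "sackOK", "ts")},
    {"src": "192.0.2.11", "flags": "S", "window": 65535, "options": ("mss",)},
    {"src": "192.0.2.12", "flags": "S", "window": 512, "options": ("mss",)},
    {"src": "192.0.2.13", "flags": "PA", "window": 5840, "options": ()},
]


def derive_signature(samples, fields):
    """Keep only the candidate fields whose value is identical in every sample."""
    sig = {}
    for field in fields:
        values = {pkt[field] for pkt in samples}
        if len(values) == 1:
            sig[field] = values.pop()
    return sig


def matches(sig, pkt):
    """A packet matches when every signature field agrees; an empty signature never matches."""
    return bool(sig) and all(pkt.get(f) == v for f, v in sig.items())


def false_positives(sig, legit):
    """Sources of legitimate packets that an inline drop on this signature would block."""
    return [pkt["src"] for pkt in legit if matches(sig, pkt)]


if __name__ == "__main__":
    # Widen the signature one field at a time and re-check it against known-good traffic.
    for fields in (["flags"], ["flags", "window"], ["flags", "window", "options"]):
        sig = derive_signature(FLOOD_SAMPLES, fields)
        caught = sum(matches(sig, p) for p in FLOOD_SAMPLES)
        print(fields, "flood matched:", caught,
              "legit dropped:", false_positives(sig, LEGIT_SAMPLES))
```

A signature built only on the SYN flag drops every new legitimate connection in the sample; each extra field that is constant across the flood packets narrows it, and the check against known-good traffic is what shows when it is narrow enough to put in line.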
More information about the freebsd-security mailing list