Heya,

FREEBSD 4.9-STABLE

Is there any way to block SYN attacks and prevent it from bringing down my server?

It's been attacking for some time.

You could try adding this to /etc/sysctl.conf

sysctl net.inet.tcp.drop_synfin=1

-----Original Message-----
From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Spades
Sent: Wednesday, 7 April 2004 3:02 am
To: freebsd-questions@freebsd.org
Cc: freebsd-security@freebsd.org
Subject: SYN attacks

Heya,

FREEBSD 4.9-STABLE

Is there any way to block SYN attacks and prevent it from bringing down my server?

It's been attacking for some time.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

you should add
net.inet.tcp.drop_synfin=1 to /etc/sysctl.conf so it gets piped into sysctl
on boot
or just run sysctl net.inet.tcp.drop_synfin=1 as root

-----Original Message-----
From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Mark Picone
Sent: Wednesday, 7 April 2004 10:57 am
To: freebsd-security@freebsd.org
Subject: RE: SYN attacks

You could try adding this to /etc/sysctl.conf

sysctl net.inet.tcp.drop_synfin=1

Mark Picone wrote:
> you should add
> net.inet.tcp.drop_synfin=1 to /etc/sysctl.conf so it gets piped into sysctl
> on boot
> or just run sysctl net.inet.tcp.drop_synfin=1 as root

Unlikely the attacks will have both the SYN and FIN flags set. Perhaps verify that net.inet.tcp.syncookies is set to 1 and use ipfw+dummynet to rate limit incoming SYN packets.

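
Added example, not part of any message in this thread: a POSIX sh check for the settings discussed in the replies above. It flags an /etc/sysctl.conf line that carries the command-line "sysctl" prefix instead of the bare name=value form, and reports the net.inet.tcp.syncookies value; the function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit sysctl.conf-style text read from stdin.
# audit_sysctl_conf and sample_conf are hypothetical names, not FreeBSD tools.
audit_sysctl_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    {
        line = $0
        sub(/#.*/, "", line)               # drop comments
        line = trim(line)
        if (line == "") next
        # "sysctl name=value" is the command-line form; the file wants name=value.
        if (line ~ /^sysctl[ \t]+/) {
            sub(/^sysctl[ \t]+/, "", line)
            printf "BADFORM line %d: drop the leading \"sysctl\": %s\n", NR, line
            next
        }
        eq = index(line, "=")
        if (eq == 0) next
        seen[trim(substr(line, 1, eq - 1))] = trim(substr(line, eq + 1))
    }
    END {
        k = "net.inet.tcp.syncookies"
        if (!(k in seen))        print "CHECK " k " not in file; query the running value"
        else if (seen[k] != "1") print "WARN " k "=" seen[k] " (the thread suggests 1)"
        else                     print "OK " k "=1"
        k = "net.inet.tcp.drop_synfin"
        if (k in seen) print "NOTE " k "=" seen[k] " only matches packets with SYN and FIN both set"
    }'
}

# Constructed sample: line 1 uses the form from the first reply, line 2 the
# corrected form from the second reply, line 3 has SYN cookies switched off.
sample_conf() {
    printf '%s\n' \
        'sysctl net.inet.tcp.drop_synfin=1' \
        'net.inet.tcp.drop_synfin=1   # bare name=value' \
        'net.inet.tcp.syncookies=0'
}

sample_conf | audit_sysctl_conf
```

On the server itself, feed it the real file with `audit_sysctl_conf < /etc/sysctl.conf` and compare against the running value from `sysctl net.inet.tcp.syncookies`.
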
I am afraid that if you cut off all SYN packets from ports like 80 that Apache uses you might have problems ...

Better write a line on your firewall in order to set up a limit per hour for the SYN packets a host can transmit ...

Regards

>From: "Spades" <spades@galaxynet.org>
>To: <freebsd-questions@freebsd.org>
>CC: freebsd-security@freebsd.org
>Subject: SYN attacks
>Date: Wed, 7 Apr 2004 01:01:53 +0800
>
>Heya,
>
>FREEBSD 4.9-STABLE
>
>Is there any way to block SYN attacks and prevent it from bringing down
>my server?
>
>It's been attacking for some time.