search for: synflood

Hi, folks @ freebsd-security. First, I am not sure if this is apropriate topic for that list, so sorry, if it is not. Some time ago I have read rfc1948 (protection from blind TCP spoofing) and became interested in the way how it is implemented in FreeBSD. After some googling (BTW if you like Google you might be interested in this: http://register.spectator.ru/img/bart.gif ), I found this:

...nd of behaviour ? > > Kind regards, > Daniel > I came some time ago with an SSL slowness that I didn't figure out (described above). I have just found what the problem was: I was using the LinWiz iptables firewall builder, and this one did set by default to have a limitation for synfloods at 1 syn per second (at the end of the script). This, used with SSL, makes the HTTPS connection transfer speed being very very slow, but not for the HTTP connections. Now I incremented it to 50/s and 100 burst limitation, and all works very well. For those that this might help.. Daniel

Hello, i''ve found this page (lartc currently down) http://www.lartc.org/howto/lartc.cookbook.synflood-protect.html where someone used iptables firewall mark to mark specific packets which will be shaped thru ingress qdisc with a fw filter and rate policy appended. I''ve tried similar this way, but it don''t work. Now i''m belief this could''nt work cause the tra...

...flood iptables -A syn-flood -m limit --limit ${synConns} --limit-burst ${synBurst} -j RETURN iptables -A syn-flood -j DROP iptables -A protect -p tcp --syn -j syn-flood Now I want to be able to say : iptables -A syn-flood -m limit --limit ${synConns} --limit-burst ${synBurst} -j LOG --log-prefix Synflood -j RETURN i.e. I want to return and log the event of syn flooding.... Next I want to be able for this rule to handle per-IP syn-floods automaticaly but not globaly as it is now. How do u do this ?!! And as a side effect view which one is the flooder in the syslog.. The next thing I want to do i...

Hi, I have a Debian that is connected to Internet in eth0, and to a LAN in eth1. I wanted to control traffic with HTB, dividing it depending on what kind of traffic is (Mail, Application Server and others). Would it be good to use HTB qdisc in eth0 egress to control outgoing traffic and HTB qdisc in eth1 egress to control incoming traffic? Or the only way to control incoming traffic is with eth0

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

..., i686 Red Hat Linux 7.1 - alpha, i386, i586, i686, ia64 Red Hat Linux 7.2 - athlon, i386, i586, i686 3. Problem description: Syncookies, while not enabled in default installations of Red Hat Linux, are used to protect an Internet server against a certain type of DoS attack--the so called "synflood"--by using a cryptographic challenge protocol which ensures legitimate users can keep using the server. Under an attack, the TCP/IP layer will, instead of just accepting new connections, send back the challenge and only accept the connections in the second phase ("syn ack") of the TC...

I notice one other small problem with my modified version of SFQ. The fact that packets can be dropped at dequeue time is incompatible with the way HTB (and probably CBQ and others modeled on it) keep statistics. When I fill a low rate queue causing packets to expire and be dropped at dequeue I get interesting statistics like this: This is my variant of SFQ qdisc plfq 8016: dev eth1 ... Sent

I just talked to Mike McGrath from Fedora Infrastructure, and he told me that they are seeing load spikes (not quite performance problems yet, but definitely a concern) in their setup. As an example, the graph [1] shows a typical client - the spikes from 16:00 to 8:00 are almost exclusively puppetd doing its thing. It seems that the most likely culprit is the fileserver - they serve 500-1500

...#39;'t seem to do anything. If you use tc show qdisc|filter|class the qdisc,filters and classes are not even shown, so I guess it''s borked (tc should have given an error that it won''t work). ======== IMHO it isn''t that complex I want to achieve... The example of the synflood protector also doesn''t work, btw. I am using linux 2.6.16.1 and these rules to mark: iptables -t mangle -N classify-high iptables -t mangle -A classify-high -j MARK --set-mark 1 iptables -t mangle -A classify-high -j ACCEPT iptables -t mangle -N classify-medium iptables -t mangle -A cla...

Hi, I got this error when i tried to type for some of those. "sysctl: unknown oid...." any idea.. my server seems to be very lagged, where else the network connection seems fine, i think BSD itself as my other redhat box is fine. What else can i do to get optimum protection. Thanks. ----- Original Message ----- From: "Per Engelbrecht" <per@xterm.dk> To:

Hello. I'm moving from a very old Fedora Core 1 to CentOS 4.4, what a change!! Three year ago, I wrote some script (network related) and worked very well. Now, I can put into init.d by means of chkconfig and I restarted the system, but always hang when executing my srcipt (in my new centos 4.4). There a manual for making scripts for init.d? there is some new requirement by which it does not