search for: synflooding

Hi, folks @ freebsd-security. First, I am not sure if this is apropriate topic for that list, so sorry, if it is not. Some time ago I have read rfc1948 (protection from blind TCP spoofing) and became interested in the way how it is implemented in FreeBSD. After some googling (BTW if you like Google you might be interested in this: http://register.spectator.ru/img/bart.gif ), I found this:

> Hello all. > > I have a problem since months with my CentOS 4 webserver. It came up since > I intalled it. > The SSL pages are very slow. Typically, I get 2-3 thumbnails from an SSL > page, and then nothing during 7 seconds, and then again 2 thumbnails, > nothing again, etc.. and so forth during about 30 seconds after what all > non loaded images are just discarded

Hello, i''ve found this page (lartc currently down) http://www.lartc.org/howto/lartc.cookbook.synflood-protect.html where someone used iptables firewall mark to mark specific packets which will be shaped thru ingress qdisc with a fw filter and rate policy appended. I''ve tried similar this way, but it don''t work. Now i''m belief this could''nt work

hi, I have two situation where I need two targets in one rule ....... First one iptables -N syn-flood iptables -A syn-flood -m limit --limit ${synConns} --limit-burst ${synBurst} -j RETURN iptables -A syn-flood -j DROP iptables -A protect -p tcp --syn -j syn-flood Now I want to be able to say : iptables -A syn-flood -m limit --limit ${synConns} --limit-burst ${synBurst} -j LOG --log-prefix

Hi, I have a Debian that is connected to Internet in eth0, and to a LAN in eth1. I wanted to control traffic with HTB, dividing it depending on what kind of traffic is (Mail, Application Server and others). Would it be good to use HTB qdisc in eth0 egress to control outgoing traffic and HTB qdisc in eth1 egress to control incoming traffic? Or the only way to control incoming traffic is with eth0

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: kernel 2.2 and 2.4: syncookie vulnerability Advisory ID: RHSA-2001:142-15 Issue date: 2001-10-26 Updated on: 2001-11-02 Product: Red Hat Linux Keywords: syncookie security kernel Cross references: Obsoletes:

I notice one other small problem with my modified version of SFQ. The fact that packets can be dropped at dequeue time is incompatible with the way HTB (and probably CBQ and others modeled on it) keep statistics. When I fill a low rate queue causing packets to expire and be dropped at dequeue I get interesting statistics like this: This is my variant of SFQ qdisc plfq 8016: dev eth1 ... Sent

I just talked to Mike McGrath from Fedora Infrastructure, and he told me that they are seeing load spikes (not quite performance problems yet, but definitely a concern) in their setup. As an example, the graph [1] shows a typical client - the spikes from 16:00 to 8:00 are almost exclusively puppetd doing its thing. It seems that the most likely culprit is the fileserver - they serve 500-1500

Hi, I am trying to do some simple ingress limiting based on fwmark. I know the ability and sense to do INGRESS limiting is ehm... limited ;-) but still I want to try it. I tried several things. === 1 === tcq ingress handle ffff: tcf parent ffff: protocol ip prio 1 handle 1 fw police rate 12mbit burst 10k drop tcf parent ffff: protocol ip prio 1 handle 2 fw police rate 10mbit burst 10k drop

Hi, I got this error when i tried to type for some of those. "sysctl: unknown oid...." any idea.. my server seems to be very lagged, where else the network connection seems fine, i think BSD itself as my other redhat box is fine. What else can i do to get optimum protection. Thanks. ----- Original Message ----- From: "Per Engelbrecht" <per@xterm.dk> To:

Hello. I'm moving from a very old Fedora Core 1 to CentOS 4.4, what a change!! Three year ago, I wrote some script (network related) and worked very well. Now, I can put into init.d by means of chkconfig and I restarted the system, but always hang when executing my srcipt (in my new centos 4.4). There a manual for making scripts for init.d? there is some new requirement by which it does not