similar to: Re: [Shorewall-users] Common Rules

On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I''m not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN > http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/ipta > bles-tutorial.html#NEWNOTSYN > > If the section titled " State NEW packets but no

Hello Everyone, I have 2 different suggestions about syn-cookies method which is used to block syn-flood attacks. Syn cookies bitwise image --------------------------------------------- T(5 bits) ---MSS(3 bits)-----H(24 bits) --------------------------------------------- So, 1- T value can be decreased to 2 bit which is already 5 bit.And hash value will be 27 bit. 2-Normally syn-cookies is

Hi folks, I have here a database node running # rpm -qa | grep mysql-server mysql55-mysql-server-5.5.52-1.el6.x86_64 on # virt-what vmware that seems to have a connection problem: # dmesg |grep SYN |tail -5 possible SYN flooding on port 3306. Sending cookies. possible SYN flooding on port 3306. Sending cookies. possible SYN flooding on port 3306. Sending cookies. possible SYN flooding on

> Am 20.07.2018 um 18:52 schrieb Nataraj <incoming-centos at rjl.com>: > > On 07/20/2018 03:56 AM, Leon Fauster via CentOS wrote: >> Hi folks, >> >> I have here a database node running >> >> # rpm -qa | grep mysql-server >> mysql55-mysql-server-5.5.52-1.el6.x86_64 >> >> on >> >> # virt-what >> vmware >>

I have a perferctly working shorewall system, with basic configuration (external real IP, one private address internal network with some forwarded services), and log handling with fwlogwatch. My problem is that I can''t find out how to make something like this with shorewall (TCP-connections only): - Allow protocol x connections from IP x.x.x.x without logging - Allow protocol x

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

Hi *Problem *- I'm running Icecast in a VM container on OpenVZ. Syslog on the hardware node (HN) shows these error messages: Jan 23 18:43:05 HN kernel: [27469893.430615] possible SYN flooding on port 8000. Sending cookies. Jan 23 21:37:40 HN kernel: [27480362.817944] possible SYN flooding on port 8000. Sending cookies. Jan 23 23:43:50 HN kernel: [27487929.582025] possible SYN flooding on

Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second

On a Linux Server running tincd I noticed the following log message in /var/log/messages kernel: possible SYN flooding on port 655. Sending cookies. I found this on the web: If SYN cookies are enabled, then the kernel doesn't track half open connections at all. Instead it knows from the sequence number in the following ACK datagram that the ACK very probably follows a SYN and a SYN-ACK.

Hi everybody! I''m very happy with shorewall, seems to safe my computer well, a little bit to well. But i''m sure it''s a mistake of mine: I can''t get edonkey working! They say that edonkey needs the following ports enabled: 4665 udp in / out 3665,4665,7665,8665 udp out 4661,4662,4666 tcp in thats what i wrote in the rules file: ACCEPT fw net

Near the end of section 15.10, the following commands are shown for prioritizing SYN packets: iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1 iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN Shouldn''t the "-I" option really be "-A"? Like so: iptables -t mangle -A

Hi, I got this error when i tried to type for some of those. "sysctl: unknown oid...." any idea.. my server seems to be very lagged, where else the network connection seems fine, i think BSD itself as my other redhat box is fine. What else can i do to get optimum protection. Thanks. ----- Original Message ----- From: "Per Engelbrecht" <per@xterm.dk> To:

Am 23.06.2020 08:43, schrieb Luca Bertoncello: And another thing, I discovered right now... > Could you suggest me something to restrict the problem? > Currently, I think the problem can be: > > 1) on Asterisk > 2) on my Gateway/Firewall A couple of years ago I added this entry in my firewall: /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS

Hello, after upgrading Shorewall (see subject) and Gentoo-Linux (from Kernel 2.6.12 to 2.6.15, both with Gentoo patches, e.g. not Vanilla) the firewall on our load balancer rejects HTTP packets for the VIP with >Mar 5 23:22:51 balance Shorewall:all2all:REJECT:IN= OUT=eth0 >SRC=XX.XXX.XXX.XXX >DST=XXX.XXX.XXX. XXX LEN=48 TOS=0x00 PREC=0x00 TTL=114 >ID=26421 DF PROTO=TCP SPT=2025

Perhaps someone will help me on this :- I have read a lot of examples of syn flood protect on the INPUT chain. That I have no question at all. I wonder if it make sense to perform syn flood protection at the FORWARD chain ? If packets are originated from a LAN worm, and are not targetted at the firewall itself, but rather at hosts in the internet, will it cause problem with the firewall itself,

Here's the output: Feb 9 15:51:26 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51248 DF PROTO=TCP SPT=1964 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=

I''m wondering if is is posable to do something like . /etc/shorewall/somefile from inside the blacklist file is a future release. is is this sort of thing already available and I''m just doing it wrong? -- Brad Wyman |\ _,,,---,,_ bradw@sta-care.com /,`.-''`'' -. ;-;;,_ Network Admin |,4- ) )-,_. ,\ ( `''-'' Sta-Care,

Hi - When I'm trying to read in a text file into a labeled character array, the memory stamp/footprint of R will exceed 4 gigs or more. I've seen this behavior on Mac OS X, Linux for AMD_64 and X86_64., and the R versions are 2.4, 2.4 and 2.2, respectively. So, it would seem that this is platform and R version independant. The file that I'm reading contains the upstream regions

Hi, I''ve been developing a peer-to-peer application, and have recently been trying to add STUNT (http://www.cis.nctu.edu.tw/~gis87577/xDreaming/XSTUNT/Docs/XSTUNT%20Ref erence.htm) to allow firewall/NAT traversal. I got a box with Shorewall to use for testing, and am now trying to work out whether Shorewall is actually designed to prevent such connections? I notice in the FAQs that

First thing to note is that I am using FreeBSD 4.8 . We would like to send only the syn packet of a tcp connection through certain ipsec tunnels and the rest of the packets in a connection though a simple transport mode setup. Yeah, I know it's strange but what can I say -- we do a lot of strange things. From the best I can tell, the setkey/spadd filtering capability isn't sophisticated