Date: Tue, 20 May 2003 07:36:17 -0500
From: Greg Panula <greg.panula@dolaninformation.com>
To: Ryan James <ryan@mac2.net>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD firewall block syn flood attack
Message-ID: <3ECA2141.7804A81@dolaninformation.com>
References: <BAEF3AC0.9998%ryan@mac2.net>
Ryan James wrote:
>
> Hello,
>
> I currently have a FreeBSD 4.8 bridge firewall that sits between 7 servers and
> the internet. The servers are being attacked with syn floods and go down
> multiple times a day.
>
> The 7 servers belong to a client, who runs redhat.
>
> I am trying to find a way to do some kind of syn flood protection inside the
> firewall.
>
> Any suggestions would be greatly appreciated.

Wouldn't syn cookies help in this situation? Since the firewall is a bridge, you would have to enable syn cookies on the affected redhat box.

According to this link: http://cr.yp.to/syncookies.html linux supports syn cookies ('echo 1 > /proc/sys/net/ipv4/tcp_syncookies'), but they are not enabled by default. I believe they are enabled by default on FreeBSD. :)

Otherwise, to use syn cookies at the firewall, the firewall would have to have syn cookies enabled (sysctl variable net.inet.tcp.syncookies) and nat the incoming traffic.

I haven't done any testing of syn cookies' protection against syn floods, but it is what they were designed for. :)

good luck,
greg
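As an added example (not part of this thread), a small POSIX sh script that applies Greg's suggestion on either side of the bridge: it maps the host OS to the right sysctl key, interprets the current value, and can enable and persist the setting. It assumes a standard sysctl(8) and that /etc/sysctl.conf is read at boot on both systems; the enable step needs root. It goes a little beyond the message in also recognising the Linux value 2 (cookies sent unconditionally).

```shell
#!/bin/sh
# Report or enable TCP SYN cookies on a Linux (e.g. redhat) or FreeBSD host.
# Assumptions: a standard sysctl(8); /etc/sysctl.conf is honoured at boot.

# Map an OS name (default: the running kernel) to its SYN-cookie sysctl key.
syncookies_key() {
    os=${1:-$(uname -s)}
    case "$os" in
        Linux)   echo "net.ipv4.tcp_syncookies" ;;
        FreeBSD) echo "net.inet.tcp.syncookies" ;;
        *)       echo "unsupported OS: $os" >&2; return 1 ;;
    esac
}

# Translate a raw sysctl value into a readable state.
# Linux: 0 = off, 1 = cookies when the listen queue overflows, 2 = always.
# FreeBSD uses 0/1 only.
syncookies_state() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "enabled" ;;
        2) echo "always" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Exit 0 when the value means SYN floods are being answered with cookies.
syncookies_active() {
    case "$1" in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read the live setting, print it, and return the active/inactive status.
syncookies_report() {
    key=$(syncookies_key) || return 1
    val=$(sysctl -n "$key") || return 1
    printf '%s = %s (%s)\n' "$key" "$val" "$(syncookies_state "$val")"
    syncookies_active "$val"
}

# Enable immediately (sysctl -w works on both systems) and persist the change.
syncookies_enable() {
    key=$(syncookies_key) || return 1
    sysctl -w "$key=1" || return 1
    grep -q "^$key=" /etc/sysctl.conf 2>/dev/null || echo "$key=1" >> /etc/sysctl.conf
}

# Usage: ./syncookies.sh report | enable
case "$1" in
    report) syncookies_report ;;
    enable) syncookies_enable ;;
esac
```

On the bridge itself this only matters if the firewall terminates or NATs the connections, as the message notes; for a transparent bridge, run it on the servers behind it.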