Date: Tue, 20 May 2003 09:37:50 +0200
From: James Ainslie <james@starjuice.net>
To: Ryan James <ryan@mac2.net>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD firewall block syn flood attack
Message-ID: <20030520073750.GH55410@gambling.com>
In-Reply-To: <BAEF3AC0.9998%ryan@mac2.net>
References: <BAEF3AC0.9998%ryan@mac2.net>
On (2003/05/20 01:52), Ryan James wrote:

> Hello,
>
> I currently have a FreeBSD 4.8 bridge firewall that sits between 7 servers and
> the internet. The servers are being attacked with syn floods and go down
> multiple times a day.
>
> The 7 servers belong to a client, who runs redhat.
>
> I am trying to find a way to do some kind of syn flood protection inside the
> firewall.

You could use snort quite effectively here. You can set up snort to act
as an active packet filter, in conjunction with a firewall. Then obtain
a few signature packets and craft a snort rule to activate the dropping
of these packets.

The problem with using an IDS in line with a firewall is that you run
the horrible risk of false positives. Proceed with extreme caution. :)

Hope that helps.

James.

--
James Ainslie
Systems Administrator

"Power corrupts, and absolute power corrupts absolutely"
Lord Acton

So who says FreeBSD isn't a corrupt OS?
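
Added example, not part of the original message: a dry run of a candidate drop signature against labelled traffic, showing the false-positive risk the reply warns about before a rule is put in line. The packet records, field names and both signatures are constructed for illustration and are not Snort syntax.

```python
# Dry-run a candidate inline "drop" signature against labelled traffic
# before enabling it. All packet values below are constructed.
from collections import Counter

# Constructed sample: header fields of TCP packets seen at the bridge.
# "kind" is ground truth, known only because this sample is synthetic.
PACKETS = [
    {"src": "198.51.100.7", "dport": 80, "flags": "S", "win": 512,   "kind": "flood"},
    {"src": "198.51.100.9", "dport": 80, "flags": "S", "win": 512,   "kind": "flood"},
    {"src": "203.0.113.40", "dport": 80, "flags": "S", "win": 512,   "kind": "flood"},
    {"src": "192.0.2.15",   "dport": 80, "flags": "S", "win": 65535, "kind": "legit"},
    {"src": "192.0.2.15",   "dport": 80, "flags": "A", "win": 65535, "kind": "legit"},
    {"src": "192.0.2.88",   "dport": 80, "flags": "S", "win": 512,   "kind": "legit"},
    {"src": "192.0.2.90",   "dport": 25, "flags": "S", "win": 16384, "kind": "legit"},
]

def matches(sig, pkt):
    """A packet matches when every field named in the signature is equal."""
    return all(pkt.get(field) == value for field, value in sig.items())

def dry_run(sig, packets):
    """Count what an inline drop on `sig` would have discarded, by ground truth."""
    dropped = Counter(p["kind"] for p in packets if matches(sig, p))
    total = Counter(p["kind"] for p in packets)
    return {
        "flood_dropped": dropped["flood"],
        "flood_missed": total["flood"] - dropped["flood"],
        "legit_dropped": dropped["legit"],  # false positives
        "legit_total": total["legit"],
    }

# Too broad: every SYN to port 80 also hits real clients opening connections.
BROAD = {"flags": "S", "dport": 80}
# Narrower: adds a header value taken from the (constructed) flood packets.
NARROW = {"flags": "S", "dport": 80, "win": 512}

if __name__ == "__main__":
    for name, sig in (("broad", BROAD), ("narrow", NARROW)):
        print(name, dry_run(sig, PACKETS))
```

Even the narrower signature still drops one legitimate client in this sample, so the count of legitimate packets dropped is the number to watch before switching a rule from alert to drop.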