Date:      Mon, 15 Mar 1999 19:41:48 +0200
From:      Ruslan Ermilov <ru@ucb.crimea.ua>
To:        The Tech-Admin Dude <geniusj@phoenix.unacom.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: SYN attacks
Message-ID:  <19990315194148.A841@relay.ucb.crimea.ua>
In-Reply-To: <Pine.BSF.4.10.9903151227140.29462-100000@phoenix.unacom.com>; from The Tech-Admin Dude on Mon, Mar 15, 1999 at 12:28:48PM -0500
References:  <19990315100709.D64525@relay.ucb.crimea.ua> <Pine.BSF.4.10.9903151227140.29462-100000@phoenix.unacom.com>

On Mon, Mar 15, 1999 at 12:28:48PM -0500, The Tech-Admin Dude wrote:
> 
> 
> On Mon, 15 Mar 1999, Ruslan Ermilov wrote:
> 
> > On Sun, Mar 14, 1999 at 09:51:30PM -0000, geniusj@phoenix.unacom.com wrote:
> > >   Hi, if this is directed towards the wrong list, please forward it to the
> > > correct one.. My concern is that our server has been getting some massive
> > > SYN floods from, what we think are spoofed hosts recently. It has brought our
> > > system to its knees, even with its power (Dual 400 512 mb of ram).  We would
> > > like to somehow restrict these zombie connections from building up so much
> > > ..  I found somewhat of an old kernel patch, but due to the age of it, it isn't
> > > applicable any more.  I would like any suggestions on stopping or weakening
> > > these attacks either by kernel patch or ip filtering.. Any suggestions are
> > > welcome.
> > > 
> > > Thanks,
> > > Jason DiCioccio <geniusj@unacom.com>
> > 
> > man 4 dummynet
> > 
> <SNIP>
> 
> 	That looks to be (and as I understood it) for limiting bandwidth
> going through a certain device, I don't want to limit overall bandwidth of
> the system, the SYN attacks don't actually take much bandwidth, but they do
> take a big chunk of system resources and don't allow anyone else to login
> while they are going on..

No, you can limit only packets with SYN bit set.

For example,

ipfw pipe 1 config bw 1Kbit/s
ipfw add pipe 1 tcp from any to <your_host> setup via <external_interface>


-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
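
As an added illustration (not part of the original message or of FreeBSD), the Python sketch below models what the `pipe 1 config bw 1Kbit/s` rule above does to SYN packets. It assumes 60-byte SYNs, dummynet's default queue of 50 slots, a simplified FIFO tail-drop pipe and evenly spaced, constructed traffic; the function names are hypothetical.

```python
from collections import deque

SYN_BYTES = 60      # assumption: 20 B IP + 20 B TCP + 20 B TCP options
QUEUE_SLOTS = 50    # dummynet's default queue size, in packets


def run_pipe(arrivals, bw_bits_per_s, slots=QUEUE_SLOTS):
    """Simplified FIFO model of one dummynet pipe carrying only SYNs.

    arrivals: iterable of (time_s, label); every entry is one SYN.
    Returns ({label: {"passed": n, "dropped": n}}, worst_delay_s).
    """
    service = SYN_BYTES * 8 / bw_bits_per_s    # seconds to drain one SYN
    queue = deque()                            # departure times of queued SYNs
    stats, worst_delay = {}, 0.0
    for now, label in sorted(arrivals):
        while queue and queue[0] <= now:       # already forwarded to the host
            queue.popleft()
        entry = stats.setdefault(label, {"passed": 0, "dropped": 0})
        if len(queue) >= slots:                # queue full: tail drop
            entry["dropped"] += 1
            continue
        depart = (queue[-1] if queue else now) + service
        queue.append(depart)
        entry["passed"] += 1
        worst_delay = max(worst_delay, depart - now)
    return stats, worst_delay


def constructed_traffic(flood_pps, legit_pps, seconds=10):
    """Constructed sample input: evenly spaced SYN arrival times."""
    flood = [(i / flood_pps, "flood") for i in range(flood_pps * seconds)]
    legit = [(0.1 + j / legit_pps, "legit") for j in range(legit_pps * seconds)]
    return flood + legit


if __name__ == "__main__":
    # Same 1 Kbit/s pipe, once under a flood and once with normal traffic only.
    for flood_pps in (1000, 0):
        stats, delay = run_pipe(constructed_traffic(flood_pps, 5), 1000)
        print(f"flood {flood_pps}/s: {stats}, worst queueing delay {delay:.1f}s")
```

In this model the pipe caps what reaches the host at about two SYNs per second, but it cannot tell flood SYNs from legitimate ones, so the `bw` value is a trade-off between protecting the host and admitting real clients.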



