From owner-freebsd-questions Mon Mar 15 9:50:24 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from phoenix.unacom.com (phoenix.unacom.com [209.51.241.25])
    by hub.freebsd.org (Postfix) with SMTP id 9EEDA150F5
    for ; Mon, 15 Mar 1999 09:50:15 -0800 (PST)
    (envelope-from geniusj@phoenix.unacom.com)
Received: (qmail 29791 invoked by uid 1000); 15 Mar 1999 17:49:56 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
    by localhost with SMTP; 15 Mar 1999 17:49:56 -0000
Date: Mon, 15 Mar 1999 12:49:56 -0500 (EST)
From: The Tech-Admin Dude
To: Ruslan Ermilov
Cc: questions@FreeBSD.ORG
Subject: Re: SYN attacks
In-Reply-To: <19990315194148.A841@relay.ucb.crimea.ua>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 15 Mar 1999, Ruslan Ermilov wrote:

> On Mon, Mar 15, 1999 at 12:28:48PM -0500, The Tech-Admin Dude wrote:
> >
> >
> > On Mon, 15 Mar 1999, Ruslan Ermilov wrote:
> >
> > > On Sun, Mar 14, 1999 at 09:51:30PM -0000, geniusj@phoenix.unacom.com wrote:
> > > > Hi, if this is directed towards the wrong list, please forward it to the
> > > > correct one.. My concern is that our server has been getting some massive
> > > > SYN floods from, what we think are spoofed hosts recently. It has brought our
> > > > system to its knees, even with its power (Dual 400 512 mb of ram). We would
> > > > like to somehow restrict these zombie connections from building up so much
> > > > .. I found somewhat of an old kernel patch, but due to the age of it, it isn't
> > > > applicable any more. I would like any suggestions on stopping or weakening
> > > > these attacks either by kernel patch or ip filtering.. Any suggestions are
> > > > welcome.
> > > >
> > > > Thanks,
> > > > Jason DiCioccio
> > >
> > > man 4 dummynet
> > >
> >
> >
> > That looks to be (and as I understood it) for limiting bandwidth
> > going through a certain device, I don't want to limit overall bandwidth of
> > the system, the SYN attacks don't actually take much bandwidth, but they do
> > take a big chunk of system resources and don't allow anyone else to login
> > while they are going on..
>
> No, you can limit only packets with SYN bit set.
>
> For example,
>
> ipfw pipe 1 config bw 1Kbit/s
> ipfw add pipe 1 tcp from any to setup via
>

Ah ha! :).. One more thing though, if I limit SYN to 1 kbit or 10 kbit,
the SYN would prolly use about that much so would other users still have
room to connect to the server with him using up all the bandwidth
designated for SYN packets?
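
An added example, not part of the original thread: a small Python model of the question raised in the last reply, treating the pipe as a single tail-drop FIFO that every SYN shares and counting how many legitimate SYNs get through during a flood. The 40-byte SYN size, the 50-slot queue, the traffic rates and all function names are assumptions chosen for illustration.

```python
import random
from collections import deque

SYN_BITS = 40 * 8  # assumption: bare 40-byte IP+TCP SYN, no TCP options


def arrivals(rate_pps, seconds, rng):
    """Poisson arrival times for one traffic source (constructed input)."""
    t, out = 0.0, []
    while rate_pps > 0:
        t += rng.expovariate(rate_pps)
        if t >= seconds:
            break
        out.append(t)
    return out


def simulate_pipe(bw_bps, queue_slots, flood_pps, legit_pps, seconds=60, seed=1):
    """Model one pipe as a tail-drop FIFO; return per-class [sent, passed]."""
    rng = random.Random(seed)
    events = [(t, "flood") for t in arrivals(flood_pps, seconds, rng)]
    events += [(t, "legit") for t in arrivals(legit_pps, seconds, rng)]
    events.sort()
    service = SYN_BITS / bw_bps      # seconds the pipe needs per SYN
    queued = deque()                 # departure times of packets in the pipe
    last_departure = 0.0
    stats = {"flood": [0, 0], "legit": [0, 0]}
    for t, kind in events:
        while queued and queued[0] <= t:
            queued.popleft()         # packet has left the pipe
        stats[kind][0] += 1
        if len(queued) >= queue_slots:
            continue                 # queue full: this SYN is dropped
        last_departure = max(t, last_departure) + service
        queued.append(last_departure)
        stats[kind][1] += 1
    return stats


if __name__ == "__main__":
    # 1 Kbit/s pipe as in the quoted rule, one legitimate SYN per second.
    for flood in (0, 100, 1000):
        s = simulate_pipe(1000, 50, flood, legit_pps=1)
        print(f"flood={flood:>4} pps  legit passed {s['legit'][1]}/{s['legit'][0]}"
              f"  flood passed {s['flood'][1]}/{s['flood'][0]}")
```

In this model the pipe caps what reaches the TCP stack, but legitimate and flood SYNs compete for the same slots, so the legitimate share shrinks as the flood rate grows.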