Date: Fri, 15 Aug 2008 10:48:40 -0400
From: "B O'Reilly" <ryanfirst@sympatico.ca>
To: <freebsd-pf@freebsd.org>
Subject: Re: syn flood, tcpdump readings (Tom Huppi)
Message-ID: <BLU0-SMTP8A7802F5950001AEF1F8ACF6D0@phx.gbl>
References: <20080808120026.58759106569E@hub.freebsd.org>
Tom,

start by hardening the server (I know this isn't pf specific, but it needs to be done).

Link for hardening FreeBSD: http://www.bsdguides.org/guides/freebsd/security/harden.php

Enable the "configure FreeBSD to drop SYN/FIN packets:" and monitor the results.

Drop known garbage using pf, e.g.:

block drop in quick from <garbage> to any

Ports to look into: lockdown and mod_security.

I use the denyhost database to drop any connections from the list for a 24 hr period.

Regards
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BLU0-SMTP8A7802F5950001AEF1F8ACF6D0>
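
One way to feed a deny list into the <garbage> table and age entries out after 24 hours, as an added example that is not part of the original message. It assumes a hosts.deny-style file at /etc/hosts.deniedssh (overridable through the hypothetical DENY_FILE variable); the function names are illustrative.

```shell
#!/bin/sh
# Added example: feed a DenyHosts-style deny list into the pf table <garbage>.
# Matching pf.conf lines (the block rule is the one quoted in the message):
#   table <garbage> persist
#   block drop in quick from <garbage> to any

# Print the unique, well-formed IPv4 addresses found in hosts.deny-style
# input ("sshd: 203.0.113.7" or "ALL: 198.51.100.23 # note") read on stdin.
extract_addrs() {
    awk '
        { sub(/#.*/, "") }                 # strip trailing comments
        NF == 0 { next }                   # skip blank lines
        {
            n = split($0, f, /[ \t:,]+/)
            for (i = 1; i <= n; i++) {
                if (f[i] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
                split(f[i], o, ".")
                ok = 1
                for (j = 1; j <= 4; j++) if (o[j] + 0 > 255) ok = 0
                if (ok && !seen[f[i]]++) print f[i]
            }
        }'
}

# Add the addresses to the table, then delete entries older than 24 hours
# (86400 s). An address still present in the file is re-added on the next
# run. DENY_FILE is an assumed path; needs root on a host running pf.
load_garbage() {
    extract_addrs < "${DENY_FILE:-/etc/hosts.deniedssh}" |
        pfctl -t garbage -T add -f - &&
    pfctl -t garbage -T expire 86400
}

# Only touch pf when asked to, e.g. from cron: sh thisscript --apply
if [ "${1:-}" = "--apply" ]; then load_garbage; fi
```

Check the table contents with pfctl -t garbage -T show after the first run.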