Date: Wed, 21 May 2003 23:53:54 -0600
From: Brett Glass <brett@lariat.org>
To: Mike Silbersack <silby@silby.com>, jeremie le-hen <le-hen_j@epita.fr>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD firewall block syn flood attack
Message-ID: <4.3.2.7.2.20030521234939.02fbdc20@localhost>
In-Reply-To: <20030520084338.W56510@odysseus.silby.com>
References: <20030520095759.GA26095@carpediem.epita.fr> <BAEF3AC0.9998%ryan@mac2.net> <20030520095759.GA26095@carpediem.epita.fr>
At 07:45 AM 5/20/2003, Mike Silbersack wrote:

>It would be possible to add the syncache / syncookies to ipfw so that it
>could be used to protect hosts behind it, but I don't think anyone has
>tried an implementation of that yet.

This would require the creation of a general transparent TCP proxy which did the 3-way handshake and then connected to the internal host only if the handshake succeeded. Trouble is, it would need to translate sequence numbers throughout the entire session. Could be done with divert sockets and a daemon like natd, I imagine.

--Brett
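As an added illustration (not code from this thread, from ipfw or from natd), a Python model of the proxy Brett sketches: a syncookie-style ISN for the client-facing handshake, validation of the client's ACK before any backend connection is opened, and the per-session sequence/ack translation a natd-like daemon would have to apply to every later segment, including across 32-bit wraparound. The cookie layout, the secret and the two-tick validity window are assumptions of this model; packets are plain integers and no divert socket is involved.

```python
"""Model of a transparent SYN proxy: answer the client's SYN with a
cookie-derived ISN, open the backend connection only after the client's ACK
validates, then rewrite sequence/ack numbers for the rest of the session."""
import hashlib
import hmac

MASK = 0xFFFFFFFF                      # TCP sequence space wraps mod 2^32
SECRET = b"constructed-demo-secret"    # per-process cookie key (constructed)


def make_cookie(src, sport, dst, dport, client_isn, counter):
    """ISN for the proxy's SYN-ACK, derived statelessly (syncookie style)
    from the 4-tuple, the client's ISN and a coarse time counter."""
    msg = f"{src}:{sport}>{dst}:{dport}:{client_isn}:{counter}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    # high byte carries the counter so stale cookies can be rejected cheaply
    return (((counter & 0xFF) << 24) | int.from_bytes(mac[:3], "big")) & MASK


def check_cookie(src, sport, dst, dport, client_isn, ack, now):
    """Validate the client's final ACK: ack-1 must be a cookie this proxy
    minted for this 4-tuple within the last two counter ticks."""
    isn = (ack - 1) & MASK
    counter = isn >> 24
    if (now - counter) & 0xFF > 1:
        return False                   # too old: refuse without any state
    expected = make_cookie(src, sport, dst, dport, client_isn, counter)
    return hmac.compare_digest(expected.to_bytes(4, "big"), isn.to_bytes(4, "big"))


class Session:
    """Once the client validated, the proxy does a real handshake with the
    backend and learns its ISN. delta maps the cookie ISN the client saw onto
    the backend's sequence space for every later segment of the session."""

    def __init__(self, proxy_isn, backend_isn):
        self.delta = (backend_isn - proxy_isn) & MASK

    def to_backend(self, seq, ack):
        # client -> server: the client's SEQ passes through; its ACK counts
        # from the proxy's ISN and is shifted into the backend's space
        return seq, (ack + self.delta) & MASK

    def to_client(self, seq, ack):
        # server -> client: the backend's SEQ is shifted back to the numbers
        # the client established during the cookie handshake
        return (seq - self.delta) & MASK, ack
```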