Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 May 2003 23:53:54 -0600
From:      Brett Glass <brett@lariat.org>
To:        Mike Silbersack <silby@silby.com>, jeremie le-hen <le-hen_j@epita.fr>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD firewall block syn flood attack
Message-ID:  <4.3.2.7.2.20030521234939.02fbdc20@localhost>
In-Reply-To: <20030520084338.W56510@odysseus.silby.com>
References:  <20030520095759.GA26095@carpediem.epita.fr> <BAEF3AC0.9998%ryan@mac2.net> <20030520095759.GA26095@carpediem.epita.fr>

next in thread | previous in thread | raw e-mail | index | archive | help
At 07:45 AM 5/20/2003, Mike Silbersack wrote:

>It would be possible to add the syncache / syncookies to ipfw so that it
>could be used to protect hosts behind it, but I don't think anyone has
>tried an implementation of that yet.

This would require the creation of a general transparent TCP proxy
which did the 3-way handshake and then connected to the internal
host only if the handshake succeeded. Trouble is, it would need
to translate sequence numbers throughout the entire session.
Could be done with divert sockets and a daemon like natd, I 
imagine.

--Brett



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20030521234939.02fbdc20>