Hello all. I saw that we can protect syn-flooding using iptables like this. $IPTABLES -N syn-flood $IPTABLES -A INPUT -p tcp --syn -j syn-flood $IPTABLES -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN $IPTABLES -A syn-flood -j DROP But I think that anyone can't protect syn-flooding attack completely using this rule, just some legal client can't connect the server because the rate limit rule in busy system. I guess that any firewall can't protect syn-flooding except tcp intercept method.right? (but tcp intercept requires so much memory) any idea? Thanks in advance. _________________________________________________________________ Áõ±Ç Á¤º¸ °¡Àå ºü¸£°í ÆíÇÏ°Ô º¸½Ç ¼ö ÀÖ½À´Ï´Ù. MSN Áõ±Ç/ÅõÀÚ http://www.msn.co.kr/stock/
