Re: Protecting against DoS

Hello,

Can you provide more detail on the type of traffic that caused the DoS? This may help people on the list with suggestions on how to block it :)

Michael.



On Tue, 9 Dec 2003 18:28:20 +0200
Pasi Kärkkäinen <pasik@xxxxxx> wrote:

> On Tue, Dec 09, 2003 at 09:02:21AM -0700, Michael Gale wrote:
> > 
> > Hello,
> > 
> > 	First make sure you are using tcpsyn_cookies:
> > 
> > echo 1 > /proc/sys/net/ipv4/tcp_syncookies -- if you have not compiled it into the kernel. 
> > This will help prevent DoS by assigning each incoming SYN packet a cookie instead of an actual
> > connection state. A connection state will be created once the three-way handshake is completed.
> > 
> > Second -- you should be dropping all packets on all interfaces and then only allow connections 
> > you have to pass.
> > 
> 
> Yes.. I'm already doing both of these things. I was thinking of doing some
> extra in addition to these.. Sorry I didn't mention these already.
> 
> There are always some connections allowed that can be used to fill up the
> state table..
> 
> Thanks anyway!
> 
> > Michael.
> > 
> 
> -- Pasi Kärkkäinen
>        
>                                    ^
>                                 .     .
>                                  Linux
>                               /    -    \
>                              Choice.of.the
>                            .Next.Generation.
> 


-- 
Michael Gale
Network Administrator
Utilitran Corporation
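
An added example, not part of the original messages: a small shell audit for the two baseline measures quoted in this thread (SYN cookies enabled, default-drop policy). The function names, the file arguments, and the choice to check only the INPUT and FORWARD chains are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Both functions read from files so
# they can be run against saved output as well as the live system.

# $1: file holding the tcp_syncookies value (default: the live /proc entry)
check_syncookies() {
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    if [ ! -r "$f" ]; then
        echo "syncookies: cannot read $f (not compiled into the kernel?)"
        return 2
    fi
    val=$(tr -d ' \n' < "$f")
    case "$val" in
        0)  echo "syncookies: DISABLED"; return 1 ;;
        1|2) echo "syncookies: enabled ($val)"; return 0 ;;
        *)  echo "syncookies: unexpected value '$val'"; return 2 ;;
    esac
}

# $1: file holding the output of `iptables -S` for the filter table
check_default_policy() {
    rules="$1"
    rc=0
    for chain in INPUT FORWARD; do   # assumption: chains of interest
        # Policy lines in `iptables -S` output look like: -P INPUT DROP
        policy=$(awk -v c="$chain" '$1 == "-P" && $2 == c { print $3 }' "$rules")
        if [ "$policy" = "DROP" ]; then
            echo "$chain: default policy DROP"
        else
            echo "$chain: default policy is '${policy:-unknown}', expected DROP"
            rc=1
        fi
    done
    return $rc
}

# Typical use on a live host (as root):
#   check_syncookies
#   iptables -S > /tmp/rules.txt && check_default_policy /tmp/rules.txt
```

As the reply quoted above notes, passing both checks still leaves the connections that are allowed through able to fill the state table.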


