Hello,

Can you provide more detail on the type of traffic that caused the DOS -- this may help people in the list with suggestions on how to block it :)

Michael.

On Tue, 9 Dec 2003 18:28:20 +0200
Pasi Kärkkäinen <pasik@xxxxxx> wrote:

> On Tue, Dec 09, 2003 at 09:02:21AM -0700, Michael Gale wrote:
> >
> > Hello,
> >
> > First make sure you are using tcpsyn_cookies:
> >
> > echo 1 > /proc/sys/net/ipv4/tcp_syncookies -- if you have not compiled it into the kernel.
> > This will help prevent DOS by assigning each incoming syn packet a cookie instead of an actual
> > connection state. A connection state will be created once the three-way handshake is completed.
> >
> > Second -- you should be dropping all packets on all interfaces and then only allow connections
> > you have to pass.
> >
>
> Yes.. I'm already doing both of these things. I was thinking of doing some
> extra in addition to these.. Sorry I didn't mention these already.
>
> There are always some connections allowed that can be used to fill up the
> state table..
>
> Thanks anyway!
>
> > Michael.
> >
>
> -- Pasi Kärkkäinen
>
>        ^
>     .     .
>      Linux
>   /    -    \
>  Choice.of.the
> .Next.Generation.
>

--
Michael Gale
Network Administrator
Utilitran Corporation