On Mon, Nov 01, 2004 at 11:50:37AM -0500, Scott Knake wrote:
<snip>
> That is a little excerpt from ipt_TCMSS.c. The problem is that somebody
> DoS'd me with syn packets that contained data len(header) <!= len(packet).
> I have a little ServGate SG100 router that handles my T1 connection. The
> router physically seized for the 5 minutes or so while he packeted because
> of the amount of logging I'm guessing. How can I block this with just an
> iptables ruleset? I'm trying not to limit the incoming number of syn
> packets and I can't recompile netfilter since it is running on a flavored
> kernel custom for the router. How am I going to prevent this in the future?

iptables -t mangle -I PREROUTING -i $external_if -p tcp --syn \
    -m length ! --length 60 -j DROP

-j

-- 
"I bet Einstein turned himself all sorts of colors before he invented the light bulb."
    --The Simpsons
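The condition the thread is filtering on (a SYN whose IP total length is larger than its IP header plus TCP header, i.e. a SYN carrying data) can be checked offline against captured packets before deciding on a rule. The following is an added example written for this page, not code from the thread or from netfilter: it parses the IPv4 and TCP headers of a raw packet, flags pure SYNs that carry payload, and also mirrors the posted `-m length ! --length 60` rule so the two criteria can be compared on the same samples. The sample packets are constructed inline (checksums zeroed, documentation addresses); the 20-byte option block is a typical Linux SYN option set, which is what makes a normal SYN come out at 60 bytes.

```python
import struct

IPPROTO_TCP = 6
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# Constructed sample option block: MSS(4) + SACK-permitted(2) + timestamps(10)
# + NOP(1) + window scale(3) = 20 bytes, the common Linux SYN layout.
LINUX_SYN_OPTS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")


def parse_ipv4_tcp(pkt: bytes):
    """Return (ihl, total_len, data_offset, flags) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != IPPROTO_TCP:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    tcp = pkt[ihl:total_len]
    if ihl < 20 or len(tcp) < 20:
        return None
    data_offset = (tcp[12] >> 4) * 4   # TCP header length incl. options
    flags = tcp[13]
    return ihl, total_len, data_offset, flags


def syn_with_payload(pkt: bytes) -> bool:
    """True if pkt is a pure SYN (SYN set, ACK clear) whose IP total length
    exceeds IP header + TCP header, i.e. the SYN carries data."""
    hdr = parse_ipv4_tcp(pkt)
    if hdr is None:
        return False
    ihl, total_len, data_offset, flags = hdr
    if not (flags & TCP_SYN) or (flags & TCP_ACK):
        return False
    return total_len > ihl + data_offset


def matches_length_rule(pkt: bytes, length: int = 60) -> bool:
    """Mirror of the posted rule: pure SYN whose IP total length is not `length` bytes."""
    hdr = parse_ipv4_tcp(pkt)
    if hdr is None:
        return False
    _ihl, total_len, _data_offset, flags = hdr
    if not (flags & TCP_SYN) or (flags & TCP_ACK):
        return False
    return total_len != length


def build_packet(flags: int, options: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed sample: minimal IPv4 + TCP packet (checksums zeroed, not sendable)."""
    assert len(options) % 4 == 0
    tcp_len = 20 + len(options)
    total = 20 + tcp_len + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, IPPROTO_TCP, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      (tcp_len // 4) << 4, flags, 65535, 0, 0)
    return ip + tcp + options + payload


def summarize(packets: dict) -> dict:
    """Map sample name -> (syn_with_payload, matches_length_rule) for comparison."""
    return {name: (syn_with_payload(p), matches_length_rule(p)) for name, p in packets.items()}


SAMPLES = {
    "normal_syn": build_packet(TCP_SYN, LINUX_SYN_OPTS),                    # 60 bytes
    "syn_with_data": build_packet(TCP_SYN, LINUX_SYN_OPTS, b"A" * 100),     # 160 bytes
    "bare_syn": build_packet(TCP_SYN),                                      # 40 bytes, no options
    "synack_with_data": build_packet(TCP_SYN | TCP_ACK, LINUX_SYN_OPTS, b"x" * 4),
    "http_get": build_packet(TCP_ACK | TCP_PSH, b"", b"GET / HTTP/1.0\r\n\r\n"),
}

if __name__ == "__main__":
    for name, (payload_syn, dropped_by_rule) in summarize(SAMPLES).items():
        print(f"{name:18s} syn_with_payload={payload_syn!s:5s} length_rule_drops={dropped_by_rule}")
```

The `bare_syn` sample shows the difference between the two checks: a SYN with no TCP options is 40 bytes, so the `! --length 60` rule drops it even though it carries no data, while the header-arithmetic check does not. Whether that matters depends on which peers you expect; the length rule has the advantage that it needs only the stock `length` match, which is the constraint the original poster is under.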