Re: How stop DoS and SYN attack..


Sietse van Zanen wrote:

There's not really very much you can do about DDoS attacks with netfilter alone. You can block the traffic of course, or try to fiddle with --limit, or tcp_syn_cookies.
I think that as an attacker tries to send more and more SYN packets, the router will lose CPU time and system resources, whether or not the tcp_syn_cookies function is active. The reason I think this is that I heard tcp_syn_cookies
can't stop the router from becoming slow.

For this DDoS attack problem, I suggest that the NIC driver module detect packet flooding (a DoS attack) and block or ignore the packets sent from the attacker. That way we can protect our network backlog safely and there will be no network soft IRQ.
A few weeks later, I will try to test my idea.
I will use the detection engine I made 3 years ago (http://sourceforge.net/projects/geto).
As a result, I can't be sure my idea is right, so I will try to test it.

But usually the problem is that the amount of traffic just fills your entire Internet connection, which renders it useless. The only thing you can do in such a situation is ask your ISP to block the attack upstream.
And often, ISPs are very unhappy about customers being DDOS-ed.

-Sietse
-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Alberto Ferrer
Sent: Saturday, June 03, 2006 10:33 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: How stop DoS and SYN attack..

Does anyone know a way to stop a SYN attack via Linux with iptables or related tools?
Where can I read something related to this?

Thanks in advance.

P.S.: sorry for my bad English :D
--
Alberto Ferrer
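The thread names the two on-box knobs that exist for this (netfilter rate limiting and tcp_syn_cookies) without showing them. The script below is an added example, not code posted by anyone in the thread: it generates an iptables-restore rule set that rate-limits new SYNs per source IP and globally, emits the matching sysctl settings, and checks whether SYN cookies are enabled. The interface name eth0, the ports 80 and 443, and the rate ceilings are my assumptions for illustration and should be tuned to the real link; none of this helps once the attack saturates the uplink itself, which as Sietse says can only be handled upstream by the ISP.

```shell
#!/bin/sh
# Added example (not from the thread): netfilter SYN-flood mitigation as an
# iptables-restore rule set plus the sysctl side.
# Assumptions (mine, not the posters'): uplink is eth0, protected services are
# tcp/80 and tcp/443, and the per-source/global rates are illustrative.

IFACE="${IFACE:-eth0}"

# Emit the filter table. Per-source limiting comes first (hashlimit keeps one
# token bucket per source IP); a global limit then caps the total new-SYN rate
# so a flood spread over many sources still cannot exhaust the backlog.
# iptables-restore ignores lines beginning with '#', so the comments may stay.
gen_synflood_rules() {
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:SYN_FLOOD - [0:0]
# Hand every new TCP connection attempt on the uplink to the SYN_FLOOD chain
-A INPUT -i $IFACE -p tcp --syn -m conntrack --ctstate NEW -m multiport --dports 80,443 -j SYN_FLOOD
# Drop any single source sending more than 20 SYN/s (burst 40)
-A SYN_FLOOD -m hashlimit --hashlimit-name synflood --hashlimit-mode srcip --hashlimit-above 20/second --hashlimit-burst 40 -j DROP
# Global ceiling: at most 1000 new SYN/s pass (burst 2000); the rest are dropped
-A SYN_FLOOD -m limit --limit 1000/second --limit-burst 2000 -j RETURN
-A SYN_FLOOD -j DROP
COMMIT
EOF
}

# Sysctl side: SYN cookies keep the listen socket usable once the SYN backlog
# fills; a larger backlog and fewer SYN-ACK retries shorten half-open lifetime.
gen_sysctl() {
  cat <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2
EOF
}

# Return success if SYN cookies are on. Takes an optional path so the check
# can be run against a file other than /proc on a test machine.
syncookies_enabled() {
  f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
  [ -r "$f" ] && [ "$(tr -d '[:space:]' < "$f")" = "1" ]
}

# Number of rules in the generated set (sanity check before loading it).
count_rules() {
  gen_synflood_rules | grep -c '^-A '
}

# To apply (as root):
#   gen_synflood_rules | iptables-restore -n
#   gen_sysctl > /etc/sysctl.d/90-synflood.conf && sysctl --system
if [ "${1:-}" = "show" ]; then
  gen_synflood_rules
  gen_sysctl
fi
```

Running the script with `show` prints both fragments for review; `iptables-restore -n` loads the rules without flushing existing chains. The hashlimit rule is the part that actually discriminates between sources, so it sits before the global limit: otherwise one noisy host could consume the shared budget and starve legitimate clients.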
