How to defend against TCP SYN attack when using SNAT

Hi,

    We are using nftables in a NAT role, like

    client <====> Nftables (dnat+snat) <====> server

    When an attacker creates thousands of TCP SYNs to Nftables, SNAT will
use up all the sports, since nftables never does the real TCP connection
with the client before forwarding to the server.

    How can I avoid this attack? Is there any way to check the reality of TCP
SYN requests?

    Thanks.


