
RE: [cobalt-security] SYN attacks killing me! Please HELP!



Gunther wrote:

> How can TCP intercept be enabled on a linux box using 
> ipchains or iptables ??

...after several other people said words to the effect of:

> The correct way probably is using TCP intercept.  The one who
> controls the router does this.  Blocking is ineffective and
> obviously can have side-effects.

And the answer to your question, Gunther, is that you can't.

TCP Intercept is a function of some specific versions of the Cisco IOS (and other vendors' router operating systems too) and can only be enabled on a router.

To answer everyone else's points too: it _is_ possible to effectively squash TCP SYN flood attacks without needing to enable something as resource-intensive as TCP Intercept at your network boundary. A similar effect can be gained by rate-limiting SYN packets to a predetermined percentage of your line speed, and permitting them to burst to a slightly higher rate.

It still means it has to be done at your network edge, though, so if you have no control over your router you'll have to ask whoever does.

Regards

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC
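
The rate-limit-with-burst approach described in the message above, as an added example that is not part of the original post: a token-bucket policer for SYN packets, simulated in Python. The 2 Mbit/s line, the 1% SYN share, the 32-packet burst and the 60-byte SYN size are constructed assumptions, not values from the thread.

```python
# Added illustration: token-bucket policing of TCP SYN packets at a network edge.
# All figures below are constructed assumptions for the simulation.

SYN_BITS = 60 * 8          # assumed size of one SYN (with options), in bits
LINE_BPS = 2_000_000       # assumed line speed: 2 Mbit/s
SYN_FRACTION = 0.01        # assumed share of the line that SYNs may use
BURST_BITS = 32 * SYN_BITS # assumed burst allowance: 32 back-to-back SYNs


class SynPolicer:
    """Sustained rate = line speed * fraction; bucket depth = permitted burst."""

    def __init__(self, line_bps, syn_fraction, burst_bits):
        self.rate = line_bps * syn_fraction  # token refill, bits per second
        self.capacity = burst_bits
        self.tokens = burst_bits             # start with a full bucket
        self.last = 0.0

    def allow(self, now, size_bits=SYN_BITS):
        # Refill for the elapsed time, never beyond the burst allowance.
        elapsed = now - self.last
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= size_bits:
            self.tokens -= size_bits
            return True                      # SYN forwarded
        return False                         # SYN dropped at the edge


def simulate(pps, seconds, policer):
    """Offer evenly spaced SYNs at `pps` for `seconds`; return (forwarded, dropped)."""
    forwarded = dropped = 0
    for i in range(int(pps * seconds)):
        if policer.allow(i / pps):
            forwarded += 1
        else:
            dropped += 1
    return forwarded, dropped


if __name__ == "__main__":
    for label, pps in (("normal load", 20), ("SYN flood", 5000)):
        policer = SynPolicer(LINE_BPS, SYN_FRACTION, BURST_BITS)
        fwd, drop = simulate(pps, 10, policer)
        print(f"{label:12s} offered={pps * 10:6d} forwarded={fwd:6d} dropped={drop:6d}")
```

The policer caps the SYN rate reaching the hosts behind it but cannot tell legitimate SYNs from attack SYNs, so during a flood both are dropped in proportion.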