* how to implement "SYN Proxy firewall"with syn cookies for "Preventing syn flood
@ 2005-04-28 3:02 陈志峰
2005-04-29 6:58 ` Song Du
2005-04-29 14:52 ` Henrik Nordstrom
0 siblings, 2 replies; 3+ messages in thread
From: 陈志峰 @ 2005-04-28 3:02 UTC (permalink / raw)
To: netfilter-devel
i am a newman for linux.
recently i want to implement "SYN Proxy firewall"with syn cookies for
"Preventing
SYN Flood".
but i do not know how to implement it?
Please help me. Thank you for any answer and any question.
can you give me a particular answer and some code? can i implement it
on netfilter-
iptable? how implement?
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: how to implement "SYN Proxy firewall"with syn cookies for "Preventing syn flood
2005-04-28 3:02 how to implement "SYN Proxy firewall"with syn cookies for "Preventing syn flood 陈志峰
@ 2005-04-29 6:58 ` Song Du
2005-04-29 14:52 ` Henrik Nordstrom
1 sibling, 0 replies; 3+ messages in thread
From: Song Du @ 2005-04-29 6:58 UTC (permalink / raw)
To: 陈志峰; +Cc: netfilter-devel
try searching the ml.
imho, netfilter is not such a heal-all, things like "syn proxy" maybe
to complex, just try something simple like limit.
2005/4/28, 陈志峰 <aaafeng@gmail.com>:
> i am a newman for linux.
>
> recently i want to implement "SYN Proxy firewall"with syn cookies for
> "Preventing
>
> SYN Flood".
>
> but i do not know how to implement it?
>
> Please help me. Thank you for any answer and any question.
>
> can you give me a particular answer and some code? can i implement it
> on netfilter-
>
> iptable? how implement?
>
>
--
freewizard (at) gmail.com
http://blog.tsing.org/freewizard/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: how to implement "SYN Proxy firewall"with syn cookies for "Preventing syn flood
2005-04-28 3:02 how to implement "SYN Proxy firewall"with syn cookies for "Preventing syn flood 陈志峰
2005-04-29 6:58 ` Song Du
@ 2005-04-29 14:52 ` Henrik Nordstrom
1 sibling, 0 replies; 3+ messages in thread
From: Henrik Nordstrom @ 2005-04-29 14:52 UTC (permalink / raw)
To: 陈志峰; +Cc: netfilter-devel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: TEXT/PLAIN; charset=X-UNKNOWN; format=flowed, Size: 612 bytes --]
On Thu, 28 Apr 2005, [GB2312] ³ÂÖ¾·å wrote:
> recently i want to implement "SYN Proxy firewall"with syn cookies for
> "Preventing
>
> SYN Flood".
>
> but i do not know how to implement it?
The simplest approach would be TPROXY with a good user-space proxy (TPROXY
aware), running with SYN-cookies enabled.
If you do not require the original client IP to be preserved during an
attack then a good user-space proxy is sufficient, used in conjunction
with the standard REDIRECT target.
In both cases a limit match is useful to define a threshold when to start
proxying.
Regards
Henrik
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-04-29 14:52 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-04-28 3:02 how to implement "SYN Proxy firewall"with syn cookies for "Preventing syn flood 陈志峰
2005-04-29 6:58 ` Song Du
2005-04-29 14:52 ` Henrik Nordstrom
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.