From: Jeho Park <jhpark-nf-user@kernelproject.org>
To: Sietse van Zanen <sietse@wizdom.nu>
Cc: netfilter@lists.netfilter.org
Subject: Re: How stop DoS and SYN attack..
Date: Tue, 06 Jun 2006 23:55:08 +0900 [thread overview]
Message-ID: <4485974C.3060500@kernelproject.org> (raw)
In-Reply-To: <02BB8A4AC86C564C89C7F14CF98CE0C49C72@knowledge.wizdom.nu>
Sietse van Zanen wrote:
>There's not really very much you can do about DDOS attacks with netfilter alone. You can block the traffic ofcourse, or try to fiddle with --limit, or tcp_syn_cookies.
>
>
i think as a attacker try to send more and more sync packets, router
will lose cpu time and system resource .. even if tcp_syn_cookies
function is active or not. the reason i think like this is that i heard
tcp_syn_cookies
can't stop router being slow..
in this DDOS attaction problem, i suggest as NIC driver module detects
packet flooding, DOS attack and block or
ignore the packet which is sent from the attacker. we can protect out
network backlog safely and there will be no network soft irq ..
a few week later, i will try to test my idea.
i will use detection engine i made 3 year ago (
http://sourceforge.net/projects/geto )
as a result, i can't sure my idea is right. so i try to test that.
>But usually the problem is that the amount of traffic just fills your entire Internet connecection, which renders it useless. The only thing you can do in such a situation is ask yout ISP to block the attack upstream.
>And often, ISPs are very unhappy about customers being DDOS-ed.
>
>-Sietse
>
>-----Original Message-----
>From: netfilter-bounces@lists.netfilter.org [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of Alberto Ferrer
>Sent: Saturday, June 03, 2006 10:33 PM
>To: netfilter@lists.netfilter.org
>Subject: How stop DoS and SYN attack..
>
>¿any know a way to stop via Linux with iptables or related a SYN attack ?
>¿where i can read something related to this?
>
>Thanks in advance.
>
>P.S: sorry for my bad english :D
>--
>Alberto Ferrer
>
>
>
>
>
>
next prev parent reply other threads:[~2006-06-06 14:55 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-04 7:57 How stop DoS and SYN attack Sietse van Zanen
2006-06-06 14:55 ` Jeho Park [this message]
2006-06-06 15:36 ` Alberto Ferrer
2006-06-06 17:22 ` Jeho Park
2006-06-06 18:00 ` R. DuFresne
-- strict thread matches above, loose matches on Subject: below --
2006-06-03 20:33 Alberto Ferrer
2006-06-03 21:54 ` Mogens Valentin
[not found] ` <e32f231c0606042021t2a80a4det5ed2beeed11e19c5@mail.gmail.com>
[not found] ` <44841859.2060209@vip.cybercity.dk>
2006-06-05 14:10 ` Alberto Ferrer
2006-06-05 14:59 ` Brent Clark
[not found] ` <e32f231c0606060608o6ce1619p3de97cbf2030d0f5@mail.gmail.com>
2006-06-06 13:19 ` Brent Clark
2006-06-06 13:22 ` Alberto Ferrer
2006-06-06 13:20 ` Brent Clark
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4485974C.3060500@kernelproject.org \
--to=jhpark-nf-user@kernelproject.org \
--cc=netfilter@lists.netfilter.org \
--cc=sietse@wizdom.nu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox