On Tue, Jan 18, 2000 at 04:42:21PM -0800, Manuel A. McLure wrote:
> if it breaks, and if it does I'll open 53. I'm also thinking of blocking all
> incoming TCP SYN packets on all ports with
This might break some protocols that need to open ports back up from
the server to the client. (e.g. active ftp) I dunno about other stuff
like Real Audio or Quicktime, but I do know they have weird proxy
needs.
Given that Linux handles SYN floods just fine, blocking SYN's for that
reason isn't particularly useful. If you aren't running service on a
port, a SYN packet is just going to get a RST back anyway. In short,
if you can run nmap against yourself from the outside and not turn up
anything, you should be fine. One might even argue that blocking SYN's
and then logging them makes you vulnerable to DoS from people filling
up your disk with logs. =(
Silly story: When I used to need Samba servers for a bunch of NT
Workstations I was taking care of, I had a problem of a system
Oops'ing regularly. (This was back in 2.0.x...) The only amusing part
of the problem was when the server would Oops, NT Workstations
desperately trying to contact it would start SYN flooding it. Even in
its partially paralyzed state, I'd start seeing console messages about
SYN Cookies being dropped... =) (the problem turned out to be bad
RAM.)
-Steve
--
______________________________________________________________________________
Steve Shah ([EMAIL PROTECTED]) | Alteon Web Systems Inc. (Developer/Sysadmin)
http://www.alteon.com | Voice: 408.360.5500 Fax: 408.360.5500
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Beating code into submission, one OS at a time...
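A defender-side check for the two points Steve makes (rely on SYN cookies, and audit what is actually listening rather than blanket-dropping SYNs and logging them), added here as an example and not part of Steve's message or the thread. It assumes a modern Linux with the tcp_syncookies sysctl and an `ss` that supports `-Hltn`; the sample `ss` lines in the test are constructed.

```sh
#!/bin/sh
# Added example (not from the original thread): check that SYN cookies are on
# and that only expected TCP ports are listening, as an alternative to
# dropping every inbound SYN and logging the rest.

# Print "on" or "off" for the tcp_syncookies sysctl. The path is a parameter
# so the check can run against a copied-out file; default is the live /proc entry.
syncookies_state() {
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    case "$(cat "$f" 2>/dev/null)" in
        1|2) echo on ;;
        *)   echo off ;;
    esac
}

# Read 'ss -Hltn' style output on stdin and print each distinct listening port.
# Column 4 is Local Address:Port; the port is the text after the last colon,
# which also handles IPv6 forms such as [::]:22.
listening_ports() {
    awk '{ n = split($4, a, ":"); print a[n] }' | sort -n | uniq
}

# Read ports on stdin and report any not in the space-separated allowlist.
# Returns 1 if anything unexpected is listening, 0 otherwise.
unexpected_listeners() {
    allow=" $1 "
    rc=0
    while read -r port; do
        case "$allow" in
            *" $port "*) ;;
            *) echo "unexpected listener on tcp/$port"; rc=1 ;;
        esac
    done
    return $rc
}

# Live usage on a host (assumed tooling): allow only ssh and dns.
# ss -Hltn | listening_ports | unexpected_listeners "22 53"
```

Pair this with the external nmap run Steve suggests: the two views should agree, and any port nmap sees that this script does not is worth investigating.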