On Wed, 15 May 2002 21:34:51 +0200 (CEST) Maciej Soltysiak <[EMAIL PROTECTED]> wrote:

> > Yes, you are right, I want to set a limit for these packets and then
> > reject them with a limit with tcp-reset, in order to protect my
> > bandwidth from SYN attacks and replies to those attacks.
> I think the rules you are suggesting will sooner or later make you rethink
> your strategy, as they will prevent normal TCP operation.
>
> Look, these rules will look for any RST packets. Not only those from an
> attacker, but all RSTs ever appearing.

No, it will only look at packets with both SYN,RST flags set (open/close scan, you know). Read the rule again.

> Hmm, the best way to prevent that would be to prevent SYN attacks.
> The true power of SYN floods is using spoofed addresses.
> Do some ingress filtering to filter out IPs like 172.16.x.x, etc.

I have done this at the INPUT and PREROUTING chains.

> Also you might try the solution proposed in the Advanced Routing Howto in the
> Cookbook chapter.

Yes, I have read about this but I have never tried it.

> Anyway, answering with RSTs to attacked hosts won't reduce the traffic,
> but your thinking is clever.

I think that if someone sends 100 packets per second and I have to reply with 100 packets, it will create a serious bandwidth problem. The only thing I don't know, because I never searched for it, is how many bytes a TCP reset packet is. Here in Greece most companies have ISDN, 128Kbps or 64 kbps at most. :( And that's why I was concerned about bandwidth. In the next months we will have ADSL :)))

> I am not really sure if it should be done that way.
> Let the list members speak their minds.

Yes, this is right, let the people speak :)

Pavlos

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I love having the feeling of being in control while I have the sensation of speed
The surfer of life
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
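The two defensive measures discussed in this exchange, ingress filtering of spoofed private sources and limiting packets that carry both SYN and RST, as an added example that is not part of the original thread and not anyone's posted rules: a POSIX shell script that emits a ruleset in iptables-restore format so it can be reviewed before it is applied. The external interface name eth0 (overridable via WAN_IF), the bogon list and the 5/minute log limit are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not from the thread: emit an iptables-restore ruleset that
# (1) drops packets arriving on the WAN side from private/loopback sources
#     (ingress filtering, as suggested in the thread), and
# (2) logs, rate-limited, and then drops TCP packets with SYN and RST both set,
#     an invalid flag combination that no legitimate stack sends.
WAN_IF="${WAN_IF:-eth0}"   # assumed external interface; override with WAN_IF=ppp0

bogon_sources() {
    # Constructed list: RFC 1918 ranges plus loopback. Extend to your own policy.
    printf '%s\n' 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8
}

emit_ruleset() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':INGRESS - [0:0]'            # user-defined chain for source checks
    bogon_sources | while read -r net; do
        echo "-A INGRESS -s $net -j DROP"
    done
    # Run every packet entering from the WAN interface through INGRESS,
    # whether it is addressed to this host or forwarded.
    echo "-A INPUT -i $WAN_IF -j INGRESS"
    echo "-A FORWARD -i $WAN_IF -j INGRESS"
    # --tcp-flags MASK COMP: examine SYN and RST, match when both are set.
    # Log a few per minute so a flood cannot fill the disk, then silently drop.
    echo '-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/minute --limit-burst 10 -j LOG --log-prefix "SYNRST: "'
    echo '-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP'
    echo 'COMMIT'
}

# Number of -A rules in the generated set (handy for a sanity check).
count_rules() { emit_ruleset | grep -c '^-A'; }

# Apply, as root and after reading the output:  emit_ruleset | iptables-restore
```

The SYN,RST rule ends in DROP rather than REJECT --reject-with tcp-reset on purpose: a reject sends one packet back per offending packet, which is exactly the uplink cost the poster is worried about on a 64 or 128 Kbps line, while a drop costs nothing on the wire. For reference on the size question raised above, a bare IPv4 TCP reset is 40 bytes at the IP layer (20-byte IP header plus 20-byte TCP header, no options, no payload) before link-layer framing is added.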
