LinuxQuestions.org
Old 03-20-2009, 12:13 PM   #1
dylan0
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Rep: Reputation: 0
Using iptables firewall against syn flood attacks


Could someone help with configuring an iptables firewall using hashlimits against SYN flood attacks? On my other 'test' PC I've got a tool named PortFuck. With the tool I can put my server offline; it's flooding SYN attacks. I've tried to use a lot of stuff like APF/Mod_evasive/Dos deflate, but all that software doesn't work against the hardness of the flood. A long time ago someone configured my iptables firewall with fwlogwatch and it blocked the flood, the server didn't go offline! But I lost all the files and settings (damn bad!).. I've heard something about hashlimits in CentOS 5 (with newest kernel). Could someone write me a working iptables firewall against SYN floods?

Regards.
 
Old 03-21-2009, 05:36 AM   #2
abolishtheun
Member
 
Registered: Mar 2008
Posts: 183

Rep: Reputation: 31
I'm too drunk to remember the exact syntax, but there's a --limit option for iptables... something like --limit 10/min from an ip address should cover such attacks.
 
Old 03-21-2009, 07:22 AM   #3
dylan0
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Original Poster
Rep: Reputation: 0
Urgh.. Ok, I've used Google many times but I can't find the iptables rules I am looking for..
 
Old 03-21-2009, 03:44 PM   #4
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,066

Rep: Reputation: 895
I'm sorry I can't completely understand the way that you have phrased the question; however does either of these help at all?
http://www.cyberciti.biz/tips/howto-...n-attacks.html
http://www.securityfocus.com/infocus/1729

If they fail, perhaps a more general description of firewalls http://www.linuxhomenetworking.com/w...Using_iptables or http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html.

Alternatively, and if all else fails, there is this bit of light reading http://iptables-tutorial.frozentux.n...tml/index.html. A lovely bit of work, but not lightweight.
 
Old 03-21-2009, 11:30 PM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by dylan0
Could someone write me a working iptables firewall against SYN floods?
Is iptables a requirement for your scenario? There is a SYN flood protection mechanism built into the kernel that you can enable with sysctl, i.e.:

# sysctl net.ipv4.tcp_syncookies=1
 
Old 03-22-2009, 03:17 PM   #6
dylan0
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by anomie
Is iptables a requirement for your scenario? There is a SYN flood protection mechanism built into the kernel that you can enable with sysctl, i.e.:

# sysctl net.ipv4.tcp_syncookies=1
# sysctl net.ipv4.tcp_syncookies=1 this won't work for me, the SYN flood is too hard. (only 1 computer SYN flooding)
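
The per-source hashlimit rules asked for in post #1, combined with the syncookies setting from post #5, as an added example that is not part of the original thread. The chain name SYN_LIMIT, the hash table name, and the rate, burst and logging values are assumptions to tune for the server; per-source limiting only helps when the flood comes from real (unspoofed) addresses, which is why syncookies stays enabled alongside it.

```shell
#!/bin/sh
# Added example: per-source SYN rate limiting with the iptables hashlimit match.
# All values below are assumed defaults, not taken from the thread.
RATE="${RATE:-20/second}"   # sustained new connections allowed per source IP
BURST="${BURST:-40}"        # initial burst allowed before RATE is enforced
CHAIN="SYN_LIMIT"           # hypothetical user-defined chain name

# Check that RATE looks like <number>/<second|minute|hour|day> and BURST is numeric.
valid_settings() {
    num=${RATE%%/*}
    unit=${RATE#*/}
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$BURST" in ''|*[!0-9]*) return 1 ;; esac
    case "$unit" in second|minute|hour|day) return 0 ;; *) return 1 ;; esac
}

# Print the rule set, one iptables command per line (dry run, needs no root).
# Older iptables releases spell --hashlimit-upto as --hashlimit.
syn_rules() {
    valid_settings || { echo "bad RATE/BURST: $RATE $BURST" >&2; return 1; }
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -m hashlimit --hashlimit-name synflood --hashlimit-mode srcip --hashlimit-upto $RATE --hashlimit-burst $BURST --hashlimit-htable-expire 30000 -j RETURN
iptables -A $CHAIN -m limit --limit 6/minute -j LOG --log-prefix "SYN-FLOOD: "
iptables -A $CHAIN -j DROP
iptables -I INPUT 1 -p tcp --syn -j $CHAIN
EOF
}

# Apply the rules (root required). SYNs under the per-source limit RETURN to
# INPUT and continue through the existing rules; SYNs over it are logged at a
# capped rate and dropped before they reach the listen queue.
apply_syn_rules() {
    rules=$(syn_rules) || return 1
    sysctl -w net.ipv4.tcp_syncookies=1 || return 1
    printf '%s\n' "$rules" | sh -e
}

# Running the script with no argument changes nothing; pass "apply" to load
# the rules, or "show" to print them for review first.
if [ "${1:-}" = "apply" ]; then
    apply_syn_rules
elif [ "${1:-}" = "show" ]; then
    syn_rules
fi
```

Because the jump is inserted at the top of INPUT, it is evaluated before any existing ACCEPT rules; check the per-source counters in /proc/net/ipt_hashlimit/synflood while testing.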
 
  

