Mailinglist Archive: opensuse-security (555 mails)
Re: [suse-security] problems with DoS part II
- From: Lars Kristian Klauske <lars.klauske@xxxxxxxxx>
- Date: Fri, 18 May 2001 13:42:27 +0200
- Message-id: <3B050AA3.8080703@xxxxxxxxx>
Dear Victim...
I am not quite sure if it helps, but there is a possibility to limit the
damage done to your server...
Gediminas Grigas [home] wrote:
> Hello,
> So, I made my script to recognize his calls, and exit fast, so damage
> is now kind of minimal (like 5% of CPU and full logs of trash). However it's sad to think that
> there is not much I can do, except wait until this guy gets bored.
> Are there ANY chances to fight against spoofed IPs? It's surely a one-way
> call, however, the server is very vulnerable to this.
> What if such a guy gets on a leased line - not on dial-up? He could make
> 100 calls/second with almost no chance to trace.
This (http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html#toc14) is a description
of how to set up the Linux TrafficControl to prevent SYN floods. If you just
limit the number of SYN packets from that specific ISP to -maybe- 2 to 5 per second,
you will still be reachable, but SYN flooding will be virtually impossible.
On the other hand: while that silly guy is flooding, nobody from that ISP can reach you.
Another idea would be to use "rinetd". I think rinetd first ACKs the connection from outside
and when the connection is built, it connects inside, therefore protecting the webserver from
the load... but I don't know if this is exactly what you needed...
Well, my English is also quite funny, but nevertheless I hope you're being helped...
Greetings, Lars Kristian Klauske
--
This Mail was sent by
LKK11
lars.klauske@xxxxxxxxx
Lars Kristian Klauske
If privacy or security of communication is on your mind, feel free to
establish a secure transmission using the PGP public key obtainable from
http://klauske.myip.org/hucky/lars_kristian_klauske.pgp.publickey
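
The trade-off described in the mail above (a SYN limit of 5 per second for one ISP caps the flood but also shuts out that ISP's real users), as an added example that is not part of the original message. It models the limit as a token bucket in Python rather than with Linux Traffic Control; the prefix 198.51.100.0/24, the addresses and the traffic schedule are constructed, and it assumes the flood's source addresses fall inside that ISP's range.

```python
import ipaddress
from collections import Counter

class SynLimiter:
    """Token bucket per limited source prefix, in integer milli-tokens."""

    def __init__(self, rate_per_s, burst, limited_prefixes):
        self.rate = rate_per_s            # tokens/s == milli-tokens per ms
        self.cap = burst * 1000
        self.buckets = {ipaddress.ip_network(p): (self.cap, 0)
                        for p in limited_prefixes}

    def allow(self, ts_ms, src):
        """Return True if a SYN from src at time ts_ms is let through."""
        addr = ipaddress.ip_address(src)
        for net, (tokens, last) in self.buckets.items():
            if addr in net:
                # Refill for the elapsed time, then spend one token if possible.
                tokens = min(self.cap, tokens + (ts_ms - last) * self.rate)
                ok = tokens >= 1000
                self.buckets[net] = (tokens - 1000 if ok else tokens, ts_ms)
                return ok
        return True   # sources outside the limited prefixes are not policed

def simulate(rate_per_s=5, burst=5, seconds=10):
    # Constructed traffic. 198.51.100.0/24 stands in for "that specific ISP".
    events = []
    for ts in range(0, seconds * 1000, 10):       # flood: 100 SYN/s
        events.append((ts, "flood", f"198.51.100.{ts // 10 % 254 + 1}"))
    for ts in range(500, seconds * 1000, 1000):   # two real users: 1 SYN/s each
        events.append((ts, "isp_user", "198.51.100.200"))
        events.append((ts, "other_user", "203.0.113.7"))
    limiter = SynLimiter(rate_per_s, burst, ["198.51.100.0/24"])
    sent, accepted = Counter(), Counter()
    for ts, label, src in sorted(events):
        sent[label] += 1
        accepted[label] += limiter.allow(ts, src)
    return {label: (accepted[label], sent[label]) for label in sent}

if __name__ == "__main__":
    for label, (ok, total) in simulate().items():
        print(f"{label:10s} accepted {ok:4d} of {total}")
```

In this run the flood is cut from 1000 SYNs to 54, the user outside the ISP is unaffected, and the real user inside the limited prefix never gets a token because the flood always takes it first.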