On Thursday 23 May 2002 15:32, Andreas Wahlert wrote:
Hi list,
I've tested SuSE 8.0 with iptables and squid. When I start many (7) nmap scans, options -sF -sX -sN -sS -sU, synchronously from another machine against the public interface of the Squid and iptables firewall, the scanlogd service crashes and the squid is very slow. The users behind the firewall don't see any homepage in their browsers. All sites are unreachable. If the scans are stopped, everything works fine.
Well, for all intents and purposes, starting 7 instances of nmap with all of the 'exotic' scanning methods included is very, very close [if not equal] to a DoS ("Denial of Service"). So, it should not come as a surprise that the unintended DoS you started against yourself proves to be somewhat 'more efficient than expected ;-)', i.e. that it blocks off your server. There are not many things you can do against a real DoS, if you can do anything at all. For more info on that, check (amongst others) http://www.grc.com However, some measures by iptables can help a little bit, IIRC...

Maarten
--
Maarten J. H. van den Berg ~~//~~ network administrator
van Boetzelaer van Bemmel - Amsterdam - The Netherlands
http://vbvb.nl
T+31204233288 F+31204233286 G+31651994273
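An added example, not from the thread or from either author: a POSIX shell script that builds the kind of "iptables measures" the reply alludes to, to blunt the scan storm described in the question (drop FIN/Xmas/Null probes, cap the SYN rate, and rate-limit logging so scanlogd or syslog is not flooded as well). The interface name, chain name, rates and the `IPT` variable are assumptions; the rule text is only applied when run as root with `apply`.

```shell
#!/bin/sh
# Added example (not the thread's own code). Assumed values below.
PUB_IF="${PUB_IF:-eth0}"        # assumed public interface
CHAIN="${CHAIN:-SCANGUARD}"     # assumed name of the guard chain
IPT="${IPT:-iptables}"          # assumed iptables binary

# Emit the rule set as one command line per row (iptables arguments only).
# Order matters: the guard chain is inserted at the top of INPUT so it sees
# every TCP packet arriving on the public interface before any ACCEPT rule.
scanguard_rules() {
    cat <<EOF
-N $CHAIN
-F $CHAIN
-A $CHAIN -p tcp --tcp-flags ALL NONE -m limit --limit 2/minute -j LOG --log-prefix "NULL scan: "
-A $CHAIN -p tcp --tcp-flags ALL NONE -j DROP
-A $CHAIN -p tcp --tcp-flags ALL FIN,PSH,URG -m limit --limit 2/minute -j LOG --log-prefix "XMAS scan: "
-A $CHAIN -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
-A $CHAIN -p tcp --tcp-flags ALL FIN -m limit --limit 2/minute -j LOG --log-prefix "FIN scan: "
-A $CHAIN -p tcp --tcp-flags ALL FIN -j DROP
-A $CHAIN -p tcp --syn -m limit --limit 25/second --limit-burst 50 -j RETURN
-A $CHAIN -p tcp --syn -j DROP
-I INPUT -i $PUB_IF -p tcp -j $CHAIN
EOF
}

# Count the rules that would be added to the guard chain (used for checks).
scanguard_rule_count() {
    scanguard_rules | grep -c "^-A $CHAIN "
}

# Apply the rules with the real iptables binary; needs root.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
    command -v "$IPT" >/dev/null 2>&1 || { echo "apply_rules: $IPT not found" >&2; return 1; }
    # eval keeps the quoted --log-prefix argument intact.
    scanguard_rules | while IFS= read -r rule; do
        eval "$IPT $rule"
    done
}

case "${1:-show}" in
    apply) apply_rules ;;
    *)     scanguard_rules ;;
esac
```

The SYN cap is global for the chain, so a sustained flood will still cost some legitimate new connections; that is the "help a little bit" the reply mentions, not a cure.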