[olug] SYN Flood Protection

Charles Bird thebirdman at operamail.com
Tue Jan 17 22:58:37 UTC 2006


I am planning on seeing what happens; an unusable state is the goal.
I suppose things could be tweaked until the only way she goes down is a kernel panic.
So in a way it will be a learning experience for me, doing benchmarks on this and tweaking it to see what kind of load it can sustain and what kind of lag times happen.

The people that have helped make this happen (script kiddies) usually don't have a lot of resources to do anything really advanced besides SYN floods in lower-bandwidth situations.

For now it just has to be able to do this in production on either a 10/10Mb or a 20/20Mb connection.
But the test environment is 100Mb, with the intent of total destruction and in the end a major improvement over the beginning.
I didn't think of the logging part; you are right and have saved me some time :)  Thanks

----- Original Message -----
From: "Daniel Linder" <dan at linder.org>
To: "Omaha Linux User Group" <olug at olug.org>
Subject: Re: [olug] SYN Flood Protection
Date: Tue, 17 Jan 2006 16:08:45 -0600 (CST)

> On Tue, January 17, 2006 15:45, Charles Bird wrote:
> > The resources that I have been using is my buddy and a little bit on the
> > web, I don't have the URL atm but I know I started out on:
> > http://www.cyberciti.biz/nixcraft/vivek/blogger/2005/07/linux-iptables-10-how-to-block-common.html
> > and then I was in a lot of other sites, no books.
>
> Thanks, I'll peruse that later...
>
> > I believe my buddy has the tools to crash but if not then may take longer
> > for me to figure that out since I don't have anything like that on hand.
> > Would Pentoo have that on disc perhaps? I know it has "cisco torch" so I
> > am assuming that it can DDoS too.
>
> When you say "crash", do you mean a true kernel panic and/or
> taking the OS down, and/or make the firewall un-usable to pass
> packets?
>
> The latter is quite easy to do if you have the system log too much -- from
> experience, I know that you don't want your Internet-exposed firewall
> device logging each denied packet. :(  Since I was only wanting an
> overview of what was happening, I used the --limit/--limit-burst options
> to limit my logging after that.
>
> Dan
>
> - - - -
> "Wait for that wisest of all counselors, time." -- Pericles
> "I do not fear computers, I fear the lack of them." -- Isaac Asimov
> GPG fingerprint:6FFD DB94 7B96 0FD8 EADF  2EE0 B2B0 CC47 4FDE 9B68
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
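
Added example, not part of the original thread: a simplified Python model of the token bucket behind the iptables `limit` match (`--limit`/`--limit-burst`) mentioned in the quoted reply, comparing how many log lines a LOG rule writes with and without it. The rate, burst size, rule text in the comments and packet timings are assumptions chosen for illustration.

```python
# Simplified model of the iptables `limit` match placed in front of a LOG rule.
# Rule shape being modelled (values are assumptions, not taken from the thread):
#   iptables -A INPUT -p tcp --syn -m limit --limit 5/minute --limit-burst 10
#            -j LOG --log-prefix "SYN-DROP: "
#   iptables -A INPUT -p tcp --syn -j DROP


class LimitMatch:
    """Token bucket: starts full at `burst`, refills at `rate_per_sec`, capped at `burst`."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.burst = burst
        self.credits = float(burst)
        self.last = 0.0

    def matches(self, now):
        # Refill for the elapsed time, never above the burst ceiling.
        self.credits = min(self.burst, self.credits + (now - self.last) * self.rate)
        self.last = now
        if self.credits >= 1.0:
            self.credits -= 1.0
            return True   # packet reaches the LOG target
        return False      # packet skips LOG and falls through to DROP


def logged_lines(arrivals, limiter=None):
    """Count log lines written for denied packets arriving at the given times (seconds)."""
    if limiter is None:
        return len(arrivals)  # unlimited LOG rule: one line per denied packet
    return sum(1 for t in arrivals if limiter.matches(t))


def constant_load(pps, seconds):
    """Constructed arrival times: `pps` denied packets per second for `seconds` seconds."""
    return [i / pps for i in range(pps * seconds)]


if __name__ == "__main__":
    arrivals = constant_load(pps=5000, seconds=60)
    print("unlimited LOG :", logged_lines(arrivals))
    print("5/min burst 10:", logged_lines(arrivals, LimitMatch(5 / 60, 10)))
```

With the limiter in place the log volume is bounded by the burst size plus the refill rate times the elapsed time, regardless of how many packets are denied.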

