[tor-relays] syn flood iptables rule
lists at for-privacy.net
Thu Apr 1 18:52:06 UTC 2021
On 30.03.2021 19:46, Toralf Förster wrote:
> On 2/22/21 3:27 PM, Toralf Förster wrote:
>>
>> # DDoS
>>
>> $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --set
>> $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --update --seconds 60 --hitcount 10 -j DROP
>
> just for the record:
>
> In the meanwhile I do think that this idea was BS.
>
> The reason is that if an adversary spoofs the sender address then this
> eventually blocks the (spoofed) sender address thereby.
DDoS SYN flood attacks are unfortunately very different and hard to
defend against.
I recently found something: SYNPROXY
https://www.redhat.com/en/blog/mitigate-tcp-syn-flood-attacks-red-hat-enterprise-linux-7-beta#more-273
https://hakin9.org/syn-flood-attacks-how-to-protect-article/
at the bottom:
# iptables -t mangle -I PREROUTING -p tcp -m tcp --dport 80 -m state --state NEW -m tcpmss ! --mss 536:65535 -j DROP
Does anyone know the community services of Team Cymru?
Is that really free? That might be something for people with their own
ASN like nifty.
https://team-cymru.com/community-services/utrs/
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
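
The following is an added example, not part of either post: a simplified Python model of the quoted `recent` rule pair (`--set`, then `--update --seconds 60 --hitcount 10 -j DROP`) that shows the lockout described in the quoted reply. The class and function names and the addresses (documentation ranges) are assumptions made for the illustration, and the model ignores xt_recent's per-entry packet limit.

```python
from collections import defaultdict, deque

SECONDS, HITCOUNT = 60, 10   # values taken from the quoted rule


class RecentList:
    """Simplified model of one xt_recent list, keyed by source address."""

    def __init__(self):
        self.stamps = defaultdict(deque)

    def new_connection(self, src, now):
        """Apply both quoted rules to one NEW TCP packet and return the verdict."""
        hits = self.stamps[src]
        hits.append(now)                        # rule 1: --set records the hit, never drops
        while hits and now - hits[0] > SECONDS:
            hits.popleft()                      # hits outside the 60 s window no longer count
        if len(hits) >= HITCOUNT:               # rule 2: --update --seconds 60 --hitcount 10
            hits.append(now)                    # a matching --update refreshes the entry
            return "DROP"
        return "ACCEPT"


def simulate():
    """Constructed scenario: the firewall only sees the source field of each packet."""
    fw = RecentList()
    victim, other = "198.51.100.7", "203.0.113.9"   # constructed sample addresses
    # 12 NEW packets in 12 s whose source field names `victim` (not sent by it).
    forged = [fw.new_connection(victim, t) for t in range(12)]
    return {
        "forged": forged,
        "victim_at_20s": fw.new_connection(victim, 20),  # genuine client, locked out
        "other_at_20s": fw.new_connection(other, 20),    # unrelated client, unaffected
        "victim_at_90s": fw.new_connection(victim, 90),  # entry aged out after 60 s quiet
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

Because the list is keyed on an unauthenticated source field, the rule's state is controlled by whoever sends the packets; SYNPROXY avoids this by validating the handshake before any per-connection state is created.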