[tor-relays] syn flood iptables rule

William Kane ttallink at googlemail.com
Fri Apr 2 18:30:38 UTC 2021


Hi,

> DDoS SYN flood attacks are unfortunately very different and hard to defend against.

What?

Not really if you understand the TCP protocol; it's just a bunch of
TCP connections (can't really call them connections yet since they are
still stuck in the synchronize state) overflowing the TCP queue.

Turning on syncookies is usually enough to deal with basic SYN flood
variants, though that functionality comes with its own set of
drawbacks.

net.ipv4.tcp_syncookies = 1

- William

On 01/04/2021, lists at for-privacy.net <lists at for-privacy.net> wrote:
> On 30.03.2021 19:46, Toralf Förster wrote:
>> On 2/22/21 3:27 PM, Toralf Förster wrote:
>>>
>>> # DDoS
>>>
>>> $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --set
>>> $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood \
>>>      --update --seconds 60 --hitcount 10 -j DROP
>>
>> just for the record:
>>
>> In the meanwhile I do think that this idea was BS.
>>
>> The reason is that if an adversary spoofs the sender address then this
>> eventually blocks the (spoofed) sender address thereby.
>
> DDoS SYN flood attacks are unfortunately very different and hard to
> defend against.
>
> I recently found something: SYNPROXY
> https://www.redhat.com/en/blog/mitigate-tcp-syn-flood-attacks-red-hat-enterprise-linux-7-beta#more-273
>
> https://hakin9.org/syn-flood-attacks-how-to-protect-article/
> at the bottom:
> # iptables -t mangle -I PREROUTING -p tcp -m tcp --dport 80 -m state
> --state NEW -m tcpmss ! --mss 536:65535 -j DROP
>
> Does anyone know the community services of Team Cymru?
> Is that really free? That might be something for people with their own
> ASN like nifty.
> https://team-cymru.com/community-services/utrs/
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you freedom!
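The two points of this thread, that SYN cookies let a listener survive a flood of never-completed handshakes without keeping per-SYN state, and that a per-source `-m recent` rule punishes whichever address the attacker chooses to forge, can be shown with a small model. The following Python simulation is an added example and is not code from the thread or from any of the list members; it handles no real packets. The backlog size, the secret, the address ranges (TEST-NET) and the `Listener` / `RecentRule` classes are all constructed for illustration. The cookie derivation is a simplified stand-in for the kernel's (which also folds in a time counter and the MSS).

```python
import hashlib
import hmac
import random
from collections import defaultdict, deque

BACKLOG = 128                       # constructed stand-in for net.ipv4.tcp_max_syn_backlog
CLIENT = ("203.0.113.7", 40000)     # constructed legitimate client (TEST-NET-3 address)


class Listener:
    """Listening-socket model: SYN_RECV entries sit in half_open until the final ACK."""

    def __init__(self, syncookies=False, backlog=BACKLOG, secret=b"constructed-secret"):
        self.syncookies = syncookies
        self.backlog = backlog
        self.secret = secret
        self.half_open = {}          # (src_ip, src_port) -> server ISN; unused with cookies
        self.established = set()
        self.dropped_syn = 0

    def _cookie(self, src, sport, client_isn):
        # Server ISN derived from the connection tuple and a secret, so it can be
        # recomputed from the client's ACK without any stored state (simplified).
        msg = f"{src}:{sport}:{client_isn}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src, sport, client_isn):
        """Return the server ISN for the SYN-ACK, or None if the SYN was dropped."""
        isn = self._cookie(src, sport, client_isn)
        if self.syncookies:
            return isn                          # nothing stored: the cookie is the state
        if len(self.half_open) >= self.backlog:
            self.dropped_syn += 1               # backlog full, SYN silently dropped
            return None
        self.half_open[(src, sport)] = isn
        return isn

    def on_ack(self, src, sport, client_isn, ack):
        """Final ACK of the handshake; ack must equal server ISN + 1."""
        if self.syncookies:
            ok = ack - 1 == self._cookie(src, sport, client_isn)
        else:
            ok = self.half_open.pop((src, sport), None) == ack - 1
        if ok:
            self.established.add((src, sport))
        return ok


def flood_then_client(syncookies, flood_size=10 * BACKLOG, seed=1):
    """Spoofed-source SYNs that are never ACKed arrive first, then a real client connects.
    Returns (client_connected, half_open_entries_left)."""
    rng = random.Random(seed)
    srv = Listener(syncookies=syncookies)
    for _ in range(flood_size):
        src = "198.51.100.%d" % rng.randrange(1, 255)   # constructed forged sources
        srv.on_syn(src, rng.randrange(1024, 65535), rng.getrandbits(32))
    client_isn = 12345
    isn = srv.on_syn(*CLIENT, client_isn)
    connected = isn is not None and srv.on_ack(*CLIENT, client_isn, isn + 1)
    return connected, len(srv.half_open)


class RecentRule:
    """Model of the quoted two-rule chain: '-m recent --set' followed by
    '--update --seconds 60 --hitcount 10 -j DROP', keyed on source IP."""

    def __init__(self, seconds=60, hitcount=10):
        self.seconds, self.hitcount = seconds, hitcount
        self.hits = defaultdict(deque)

    def accept_syn(self, src_ip, now):
        q = self.hits[src_ip]
        while q and now - q[0] > self.seconds:
            q.popleft()                         # expire hits outside the window
        q.append(now)
        return len(q) < self.hitcount           # hitcount reached -> DROP


def spoofed_source_locks_out_client(spoofed_syns):
    """SYNs arrive with the *client's* address forged as source; returns True if the
    per-source rule then drops the real client's own SYN (Toralf's objection)."""
    rule = RecentRule()
    for t in range(spoofed_syns):
        rule.accept_syn(CLIENT[0], now=t)        # source is the victim's address
    return not rule.accept_syn(CLIENT[0], now=spoofed_syns)


if __name__ == "__main__":
    print("no cookies :", flood_then_client(syncookies=False))
    print("syncookies :", flood_then_client(syncookies=True))
    print("client locked out after 9 forged SYNs:", spoofed_source_locks_out_client(9))
```

Without cookies the backlog fills after `BACKLOG` forged SYNs and the real client's SYN is dropped; with cookies the listener stores nothing per SYN and the client still completes its handshake. The `RecentRule` run shows the other half of the thread: because the rule keys on the source address, forged SYNs carrying a victim's address push that address over the hit count, and the victim, not the attacker, is the one blocked.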

