Re: SYN Flooding attacks

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Ricardo R Loss: "courier v. everything init string"
• Previous message: Kevin Kadow: "Rockwell's 56K is vapor"
• In reply to: Dave Andersen: "Re: SYN Flooding attacks"
• Next in thread: Dave Andersen: "Re: SYN Flooding attacks"

I had to make some minor syntax changes to enter the filter
listed and I have a question on making it active.

On Wed, 25 Sep 1996, Dave Andersen wrote:

> There is no good filter example to prevent SYN flooding attacks from
> hitting your site, but there's definitely a good filter to prevent them
> from COMING from your site.
>
> To prevent them from coming from you:
>
> Assume portmaster is assigning 128.0.0.1 - 128.0.0.30
>
> add filter nosyn.in
> set filter nosyn.in permit 128.0.0.1/27 0.0.0.0/0

should be: set filter nosyn.in 1 permit 128.0.0.1/27 0.0.0.0/0

> set filter nosyn.in deny 0.0.0.0/0 0.0.0.0/0 log

should be: set filter nosyn.in 2 deny 0.0.0.0/0 0.0.0.0/0 log
then : save filter

To view : show table filter all
To list : show filter nosyn.in

> This prevents your portmaster from allowing people to use addresses
> other than those that the portmaster is assigning.

Question: How do I activate this filter for all the ports?

set all ifilter nosyn.in
or
set all ofilter nosyn.in

Thanks!
Bill Martin
Honolulu, HI

• Next message: Ricardo R Loss: "courier v. everything init string"
• Previous message: Kevin Kadow: "Rockwell's 56K is vapor"
• In reply to: Dave Andersen: "Re: SYN Flooding attacks"
• Next in thread: Dave Andersen: "Re: SYN Flooding attacks"