Blocking a synflood with IPCOP.

16 years 11 months ago #24210 by Tent
Hello, I would like to know how I can block/stop a syn flood attack with the help of IPCOP.

This is for a college project.
IPCOP does not have access to the internet because it's a test environment.
I'm using a green and a red interface.
I have a laptop connected to the red interface that is able to send syn floods.
The machine on the red interface is trying to flood a server on the green interface.
The syn flood sends its packages from random IP addresses to a port of choice.

I can't block a single (or a group of) IP address(es); it wouldn't matter much because of the random IP addresses.
I would rather not close the attacked port; the server should remain available after (if possible during) the flood without me touching it.
I think the best way is to limit the amount of syn packages allowed to pass through /sec?

I know it's possible using iptables; I don't know how to enable this ruleset in IPCOP though.
Perhaps I'm totally wrong; if anyone could shed some light on this for me.

Any help appreciated.
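
An added example, not part of the original thread and not IPCop's own ruleset: a simplified token-bucket model of packets-per-second limiting, run over constructed traffic, comparing a per-source limit with one global limit when every flood SYN carries a different source address. The rate, burst, traffic mix and the client address 192.0.2.10 are assumptions for illustration.

```python
import random

class TokenBucket:
    """Packets-per-second limiter with a burst allowance (integer math)."""
    def __init__(self, rate, burst):
        self.rate, self.cap = rate, burst * 1_000_000   # micro-tokens
        self.tokens, self.last = self.cap, 0

    def allow(self, now_us):
        # Refill: `rate` tokens/second == `rate` micro-tokens/microsecond.
        self.tokens = min(self.cap, self.tokens + (now_us - self.last) * self.rate)
        self.last = now_us
        if self.tokens >= 1_000_000:
            self.tokens -= 1_000_000
            return True
        return False

def build_traffic(seconds=10, flood_pps=1000, legit_pps=5, seed=1):
    """Constructed sample traffic: (time_us, src_ip, is_legit) per SYN."""
    rng = random.Random(seed)
    pkts = []
    for i in range(seconds * flood_pps):          # spoofed random sources
        src = ".".join(str(rng.randint(1, 254)) for _ in range(4))
        pkts.append((i * 1_000_000 // flood_pps, src, False))
    for i in range(seconds * legit_pps):          # one real client (assumed)
        pkts.append((i * 1_000_000 // legit_pps + 500, "192.0.2.10", True))
    return sorted(pkts)

def simulate(pkts, rate, burst, per_source):
    """Count the SYNs that get past the limiter and reach the server."""
    buckets, passed = {}, {"flood": 0, "legit": 0}
    for now_us, src, legit in pkts:
        key = src if per_source else "global"     # one bucket per key
        bucket = buckets.setdefault(key, TokenBucket(rate, burst))
        if bucket.allow(now_us):
            passed["legit" if legit else "flood"] += 1
    return passed

if __name__ == "__main__":
    pkts = build_traffic()
    print("per-source limit:", simulate(pkts, rate=20, burst=20, per_source=True))
    print("global limit:    ", simulate(pkts, rate=20, burst=20, per_source=False))
```

In this model the per-source limiter never triggers, while the global limiter caps what reaches the server at the configured rate but drops the real client's SYNs along with the flood.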
16 years 11 months ago #24220 by DaLight
IPCOP already comes pre-configured with some iptables rules which drop suspicious TCP traffic. Log in via ssh or at the console and you will find these in /etc/rc.d/rc.firewall from about line 36.
16 years 11 months ago #24231 by Tent
Thanks, but I won't have to do anything about this line?
# Limit Packets- helps reduce dos/syn attacks
16 years 11 months ago #24234 by DaLight
Test it out and let us know the results.
16 years 11 months ago #24235 by Tent
Ah, thought I mentioned it here but I didn't.
I'll be able to test it on Monday; I'll post the 'results' after the test.

Thanks for the help so far.
16 years 11 months ago #24244 by toddwoo
I'm interested in knowing what's going on too...