Re: [HELP] A Question About Attack By SYN and FIN....
I'm not sure if you're refering to SYN flooding, but if you are you can compile syn cookies into your kernel, then enable it by doing a "echo 1 > /proc/sys/net/ipv4/tcp_syncookies".
As for striking back, it's not recommended (it's illegal, they might be attacking from an innocent host they hacked, if they aren't making complete connections the IP is probably spoofed, etc), if it becomes a problem alert the proper authorities or try to find their upstream provider.
-Greg
> Recently, some of the fools use SYN ,FIN and ACK packet attack my websit and attempted DROP my Database -_-
>
> Now, I using iptables to protect my website......
>
> <<<
> iptables -A FORWARD -p tcp --syn -m limit --limit 1/m -j ACCEPT
> iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/m -j ACCEPT
> iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/m -j ACCEPT
>
> My Question is : How should i kick out illegal connection(SYN or FIN) immediately when iptables is NOT working !!!!!!
>
--
------SupplyEdge-------
Greg Hunt
800-733-3380 x 107
greg@supplyedge.com
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: