

Wrong Shadowing detected

UlrichCM
2008-11-26
2013-03-05
  • UlrichCM, 2008-11-26

    To avoid SYN floods I jump into the chain SynFlood:

    1. Any Source - Any Destination - FTP - All Interface - Inbound - Custom -j RETURN - Any Time - Options: hashlimit 1 per second
    2. Any Source - Any Destination - FTP - All Interface - Inbound - Deny - Any Time - Options: LOG

    This is found as shadowing in version 3, not in version 2.

    Only if there is more than 1 SYN packet per second will it be dropped/denied.

    Maybe there is a better way?

    • Vadim Kurland, 2008-12-03

      Maybe a couple of suggestions:

      Instead of making a custom chain, you could put the rule in the main rule set with action Deny and the same hashlimit configuration.

      or

      You could still use the second ruleset "SynFlood" but create a custom service with an iptables string something like "  -m hashlimit --hashlimit 1/second --hashlimit-name htable_rule_0-j" and use it in the rule. In this case you match the FTP service in the rule that does the branching.
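A toy model of the shadowing check behind the original question, added here as an illustration (it is not Firewall Builder's own code and the thread does not say how version 3 actually decides). It assumes that a checker which only compares source, destination and service will see the RETURN rule as matching everything the Deny rule matches, while a checker that treats a hashlimit option as a partial, rate-dependent match does not flag the pair:

```python
# Added example: a simplified rule-shadowing check. A later rule is "shadowed"
# when an earlier rule already matches every packet the later rule could see.
# Assumption: rate-based matches (hashlimit, limit) only catch part of the
# traffic, so an earlier rule carrying one of them does not shadow what follows.
from dataclasses import dataclass
from typing import List

ANY = "any"
RATE_OPTIONS = {"hashlimit", "limit"}   # iptables matches that depend on packet rate


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    service: str
    action: str                  # e.g. "RETURN" or "Deny"
    options: frozenset = frozenset()


def covers(earlier_field: str, later_field: str) -> bool:
    """An 'any' field, or an identical value, covers the later rule's field."""
    return earlier_field == ANY or earlier_field == later_field


def stateless_covers(earlier: Rule, later: Rule) -> bool:
    """True when src/dst/service of `earlier` cover those of `later`."""
    return all(covers(getattr(earlier, f), getattr(later, f))
               for f in ("src", "dst", "service"))


def shadowed(rules: List[Rule], rate_aware: bool) -> List[int]:
    """Return indices of rules that some earlier rule fully shadows."""
    found = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if not stateless_covers(earlier, later):
                continue
            if rate_aware and (earlier.options & RATE_OPTIONS):
                # Only packets under the limit hit `earlier`; the rest reach `later`.
                continue
            found.append(j)
            break
    return found


# Constructed rule set mirroring the SynFlood chain from the thread.
SYNFLOOD = [
    Rule(ANY, ANY, "ftp", "RETURN", frozenset({"hashlimit"})),
    Rule(ANY, ANY, "ftp", "Deny", frozenset({"log"})),
]
```

With the naive check the Deny rule (index 1) is reported as shadowed; with the rate-aware check it is not.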