From: Will M. <wil...@gm...> - 2005-03-06 14:33:53
About the only way to do that is rate limiting on packets with the SYN flag set. An example of how to do this in iptables would be something like:

iptables -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j DROP

I think the Bleeding Snort guys at one time had some rules to detect SYN floods, but I'm not really sure. I would stick to the iptables rules.

http://www.bleedingsnort.com

Regards,
Will

On Sun, 06 Mar 2005 07:45:37 +0530, bharathi <bha...@au...> wrote:
> Hi all,
> We have implemented the snort-inline service in our huge
> network. In that we are frequently getting unwanted DoS/DDoS SYN
> traffic. Hence we need to drop all those DoS SYN packets without any
> disruption to the normal SYN traffic (e.g. to ports 80, 22, 25, 3306 ...).
> How to do it?
>
> Please give me any suggestions.
>
> Thanks and Regards,
> Bharathi Raja.
>
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
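The following is an added example, not code from the mail above or from the snort-inline project. It turns the rate-limiting idea into a small iptables ruleset and goes beyond the one-liner in two ways: it keys the limit on source address with the `hashlimit` match (a global `-m limit` bucket is shared by every client, so during a flood legitimate SYNs are dropped along with the attacker's), and it restricts the check to the service ports named in the question via `multiport`. Two things are worth noting when adapting the one-liner as written: the `limit` match *matches while the bucket still has tokens*, so `-m limit ... -j DROP` drops the first few SYNs and passes the excess; the accept-under-limit rule has to come before an unconditional DROP. The chain name `SYN_LIMIT`, the port list and the `10/s` / `20` rate and burst are assumptions to be tuned, and `--hashlimit-upto` is the spelling used by current iptables (older releases called it `--hashlimit`). The script prints the commands instead of running them unless `IPT=iptables` is set.

```bash
#!/bin/sh
# Added example (not from the mail above): per-source SYN rate limiting for iptables.
# IPT defaults to "echo iptables" so the script prints the rules instead of
# applying them; run as root with IPT=iptables to install them for real.
IPT="${IPT:-echo iptables}"
PORTS="${PORTS:-22,25,80,3306}"   # service ports from the question (assumed list)
RATE="${RATE:-10/s}"              # assumed per-source SYN rate; tune to real traffic
BURST="${BURST:-20}"              # assumed per-source burst allowance

# Install the chain. Order matters: the RETURN for traffic under the limit
# must come BEFORE the unconditional DROP. Putting DROP on the limit match
# itself inverts the policy (drops the first SYNs, passes the flood).
syn_rules() {
    $IPT -N SYN_LIMIT
    # Token bucket keyed on source IP, so one flooding host does not consume
    # the budget of every other client the way a single global -m limit would.
    $IPT -A SYN_LIMIT -m hashlimit --hashlimit-name synflood \
        --hashlimit-mode srcip --hashlimit-upto "$RATE" \
        --hashlimit-burst "$BURST" -j RETURN
    # Anything else from that source is over its limit: log sparingly, then drop.
    $IPT -A SYN_LIMIT -m limit --limit 5/min -j LOG --log-prefix "SYN-FLOOD: "
    $IPT -A SYN_LIMIT -j DROP
    # Only new connection attempts (SYN set, ACK clear) to the listed ports
    # are sent through the chain; established traffic is untouched.
    $IPT -A FORWARD -p tcp --syn -m multiport --dports "$PORTS" -j SYN_LIMIT
}

# Remove the chain again (reverse order of creation).
syn_rules_remove() {
    $IPT -D FORWARD -p tcp --syn -m multiport --dports "$PORTS" -j SYN_LIMIT
    $IPT -F SYN_LIMIT
    $IPT -X SYN_LIMIT
}

# Sanity check on the generated ruleset: the RETURN for under-limit traffic
# must precede the DROP. Exit status 0 means the order is right.
syn_rules_order_ok() {
    syn_rules | awk '
        /SYN_LIMIT .*-j RETURN/ { ret = NR }
        /SYN_LIMIT -j DROP/     { drop = NR }
        END { exit !(ret && drop && ret < drop) }'
}

syn_rules
```

Per-source limits only help against floods that use real or few source addresses; a SYN flood with randomly spoofed sources spreads across buckets and is better absorbed on the servers themselves with SYN cookies (`sysctl -w net.ipv4.tcp_syncookies=1`) in addition to any filtering on the inline box.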