From: Will M. <wil...@gm...> - 2005-03-06 16:20:00
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j DROP

should be

iptables -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j ACCEPT

On Sun, 6 Mar 2005 08:33:46 -0600, Will Metcalf <wil...@gm...> wrote:
> About the only way to do that is rate limiting on packets with the SYN
> flag set. An example of how to do this in iptables would be something
> like:
>
> iptables -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j DROP
>
> I think the bleeding snort guys at one time had some rules to detect
> SYN floods but I'm not really sure. I would stick to the iptables
> rules.
>
> http://www.bleedingsnort.com
>
> Regards,
>
> Will
>
>
> On Sun, 06 Mar 2005 07:45:37 +0530, bharathi <bha...@au...> wrote:
> > Hi all,
> > We have implemented the snort-inline service in our huge
> > network. In that we are frequently getting unwanted DoS/DDoS SYN
> > traffic. Hence we need to drop all those DoS SYN packets without any
> > disturbance to the normal SYN traffic (e.g. to ports 80, 22, 25, 3306 ...).
> > How to do it?
> >
> > Please give me any suggestions.
> >
> > Thanks and Regards,
> > Bharathi Raja.
> >
> > _______________________________________________
> > Snort-inline-users mailing list
> > Sno...@li...
> > https://lists.sourceforge.net/lists/listinfo/snort-inline-users
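As an added example, not code from the thread or from snort-inline: a POSIX shell script that emits the SYN rate-limit rule pair the thread is converging on and simulates the limit match's token bucket so the effect of --limit and --limit-burst can be seen on constructed input. The FORWARD chain, the 1/s rate and the burst of 5 come from the thread; the multiport list of service ports, the function names and the integer-second bucket model are assumptions for illustration. Two practitioner caveats the rule alone does not show: the limit match accepts a SYN while its bucket still has a token, so an ACCEPT rule only drops anything if a plain DROP for the same SYNs follows it (otherwise over-limit SYNs fall through to later rules or the chain policy); and the limit counter is global rather than per source, so a flood drains the bucket for legitimate clients too. Per-source buckets need the hashlimit match (-m hashlimit with --hashlimit-mode srcip), assuming a kernel and iptables that have it.

```shell
#!/bin/sh
# Added example (not from the thread): SYN rate limiting with the iptables limit match.
# Assumptions: FORWARD chain (snort-inline bridge), 1/s with burst 5 as in the thread,
# service ports 80,22,25,3306 from the original question, function names are illustrative.

# Emit the rule pair. $1 chain, $2 rate (e.g. 1/s), $3 burst, $4 comma-separated ports.
# Rule 1 accepts new connections while the bucket has tokens; rule 2 drops the rest.
# Without rule 2 the over-limit SYNs simply continue down the chain.
syn_limit_rules() {
    chain=$1 rate=$2 burst=$3 ports=$4
    printf '%s\n' "iptables -A $chain -p tcp --syn -m multiport --dports $ports -m limit --limit $rate --limit-burst $burst -j ACCEPT"
    printf '%s\n' "iptables -A $chain -p tcp --syn -m multiport --dports $ports -j DROP"
}

# Simplified model of the limit match's token bucket (integer seconds; the kernel
# refills continuously). $1 tokens per second, $2 bucket size (burst),
# $3 space-separated SYN arrival times in seconds (constructed input).
# Prints "<accepted> <dropped>".
syn_limit_simulate() {
    rate=$1 burst=$2 arrivals=$3
    tokens=$burst last=0 accepted=0 dropped=0
    for t in $arrivals; do
        # refill: rate tokens per elapsed second, capped at the burst size
        tokens=$((tokens + (t - last) * rate))
        [ "$tokens" -gt "$burst" ] && tokens=$burst
        last=$t
        if [ "$tokens" -gt 0 ]; then
            tokens=$((tokens - 1)); accepted=$((accepted + 1))
        else
            dropped=$((dropped + 1))
        fi
    done
    echo "$accepted $dropped"
}

# Usage (as root) to install the rules:
#   syn_limit_rules FORWARD 1/s 5 80,22,25,3306 | sh
# Dry run of the bucket: 10 SYNs at t=0, 3 at t=1, 7 at t=5 with 1/s burst 5
#   syn_limit_simulate 1 5 "0 0 0 0 0 0 0 0 0 0 1 1 1 5 5 5 5 5 5 5"
```

The simulation shows the shape of the behaviour: the first five SYNs of a burst pass on the stored tokens, then only one per second gets through until traffic pauses long enough for the bucket to refill. Because that one bucket is shared by every client, a sustained flood starves legitimate connection attempts; that is the case for hashlimit keyed on source address when the flood comes from a manageable number of sources.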