iptables -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j DROP
should be
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j ACCEPT
On Sun, 6 Mar 2005 08:33:46 -0600, Will Metcalf
<wil...@gm...> wrote:
> About the only way to do that is rate limiting on packets with the syn
> flag set. An example on how to do this in iptables would be something
> like.
>
> iptables -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j DROP
>
> I think the bleeding snort guys at one time had some rules to detect
> syn floods but I'm not really sure. I would stick with the iptables
> rules.
>
> http://www.bleedingsnort.com
>
> Regards,
>
> Will
>
>
> On Sun, 06 Mar 2005 07:45:37 +0530, bharathi <bha...@au...> wrote:
> > Hi all,
> > We have implemented the snort-inline service in our huge
> > network. In it we are frequently getting unwanted DOS/DDOS SYN
> > traffic. Hence
> > we need to drop all those DOS SYN packets without any disturbance to the
> > normal SYN traffic (e.g. to ports 80, 22, 25, 3306 ...). How to do it?
> >
> > Please give me any suggestions.
> >
> > Thanks and Regards,
> > Bharathi Raja.
> >
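To see why the correction matters, here is an added example (not from the thread or the snort-inline project) that models the iptables `limit` match as a simplified token bucket with `--limit 1/s --limit-burst 5` and runs a constructed SYN burst and a constructed steady 1/s stream through both the posted rule and the corrected rule pair. The FORWARD chain policy is assumed to be ACCEPT.

```python
"""Simplified model of the iptables 'limit' match (xt_limit): a token
bucket that starts full at `burst` tokens and refills at `rate` tokens
per second. Packets that find a token MATCH the rule; the rest fall
through to the next rule or the chain policy. Constructed timings."""


class LimitMatch:
    def __init__(self, rate_per_s, burst):
        self.rate = float(rate_per_s)
        self.burst = float(burst)
        self.tokens = self.burst   # bucket starts full, like xt_limit
        self.last = 0.0

    def matches(self, now):
        # refill in proportion to elapsed time, never above the burst size
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def run_chain(rules, syn_times, policy="ACCEPT"):
    """rules: list of (match, target); match=None is a plain '-p tcp --syn'
    rule that matches every SYN. Returns the verdict for each SYN."""
    verdicts = []
    for t in syn_times:
        verdict = policy                     # chain policy if nothing matches
        for match, target in rules:
            if match is None or match.matches(t):
                verdict = target             # first matching rule terminates
                break
        verdicts.append(verdict)
    return verdicts


def wrong_chain():
    # the rule as first posted: SYNs *within* the limit are dropped
    return [(LimitMatch(1, 5), "DROP")]


def right_chain():
    # corrected: SYNs within the limit are accepted, the excess is dropped
    return [(LimitMatch(1, 5), "ACCEPT"), (None, "DROP")]


# constructed traffic: a flood of 10 SYNs inside 100 ms, and 10 SYNs at 1/s
FLOOD = [i * 0.01 for i in range(10)]
NORMAL = [float(i) for i in range(10)]
```

Under the posted rule the first five SYNs of a burst are dropped and the rest pass on the chain policy, so a steady 1/s client loses every SYN while a flood mostly gets through. Note that `limit` counts all SYNs crossing the chain together rather than per source, so during a flood the shared budget is used up and legitimate SYNs are dropped as well.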