[ILUG] SYN flood protection

ajh ajh at devfoo.net
Fri Oct 29 12:30:41 IST 2010


On Fri, Oct 29, 2010 at 12:03 PM, Kieran Tully <kieran.tully at gmail.com> wrote:
>
> At http://deflate.medialayer.com/ there is a script called DDoS-Deflate
>
> It adds iptables rules to blackhole machines that make more connections than
> the threshold. It's a little bit rough around the edges, but if it manages to
> understand the output of netstat on your system, it does work quite well. It
> costs relatively little to block a host.

I don't know if DDoS-Deflate counts connections in SYN_RECV to
blacklist but someone could craft a SYN packet with a spoofed IP of an
upstream router and have your device blacklist itself off the
Internet. Hopefully it has a way of whitelisting IPs.
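The two points raised in this thread, counting connections from netstat output and the danger of counting SYN_RECV entries that a spoofed SYN can create, are shown below in an added example. This is not DDoS-Deflate's code; the function names, the whitelist variable and the sample netstat output are all constructed for illustration. It parses `netstat -ntu` style lines, ignores half-open (SYN_RECV) entries so a forged source address cannot push an upstream router over the threshold, skips a whitelist, and prints the iptables DROP rules rather than applying them.

```shell
#!/bin/sh
# Added example, not DDoS-Deflate's own code: count connections per remote IP
# from `netstat -ntu` output, ignore SYN_RECV entries (any spoofed SYN can put
# an arbitrary address there), honour a whitelist, and print the iptables
# blackhole rules that an offender above the threshold would get.

# Constructed sample of `netstat -ntu` output so the script runs offline.
# 198.51.100.7: three real connections (should be blocked at threshold 3).
# 203.0.113.1: three SYN_RECV entries only (could be spoofed, must be ignored).
# 192.0.2.10: three real connections but whitelisted.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             198.51.100.7:40001      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:40002      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:40003      ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.1:50001       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.1:50002       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.1:50003       SYN_RECV
tcp        0      0 10.0.0.5:22             192.0.2.10:33001        ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.10:33002        ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.10:33003        ESTABLISHED
udp        0      0 10.0.0.5:53             192.0.2.99:5353'

# Addresses that must never be blocked (assumed list: loopback plus an
# upstream/management host). One address per line.
WHITELIST='127.0.0.1
192.0.2.10'

# offenders THRESHOLD
# Reads netstat output on stdin and prints "count ip" for every remote IP
# with at least THRESHOLD TCP connections that are not in SYN_RECV and are
# not whitelisted. UDP lines carry no state and are ignored.
offenders() {
    threshold="$1"
    awk -v threshold="$threshold" -v wl="$WHITELIST" '
        BEGIN { n = split(wl, w, "\n"); for (i = 1; i <= n; i++) white[w[i]] = 1 }
        $1 != "tcp" && $1 != "tcp6" { next }  # header lines and UDP: skip
        $6 == "SYN_RECV" { next }             # half-open: source is unverified, skip
        {
            ip = $5; sub(/:[0-9]+$/, "", ip)  # strip the remote port
            if (!(ip in white)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= threshold) print count[ip], ip }
    ' | sort -rn
}

# blackhole_rules THRESHOLD
# Prints (does not run) the iptables rule for each offender. Pipe the output
# to sh to apply it; keeping it as text lets you review what would be blocked.
blackhole_rules() {
    offenders "$1" | while read -r count ip; do
        printf 'iptables -I INPUT -s %s -j DROP   # %s connections\n' "$ip" "$count"
    done
}

# Usage on the constructed sample; on a live host replace the printf with
# `netstat -ntu`.
printf '%s\n' "$SAMPLE_NETSTAT" | blackhole_rules 3
```

Only 198.51.100.7 is reported: the SYN_RECV-only address never reaches the threshold, and the whitelisted host is excluded regardless of its count. Note that an attacker who completes the handshake from real addresses still trips the threshold, which is the case the script is meant to catch; skipping SYN_RECV only removes the spoofing-based self-blacklisting route.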


More information about the ILUG mailing list