Hi,
DDoS SYN flood attack are unfortunately very different and hard to defend against.
What?
Not really if you understand the TCP protocol, it's just a bunch of TCP connections (can't really call them connections yet since they are still stuck in the synchronize state) overflowing the tcp queue.
Turning on syncookies is usually enough to deal with basic SYN flood variants though that functionality comes with it's own set of drawbacks.
net.ipv4.tcp_syncookies = 1
- William
On 01/04/2021, lists@for-privacy.net lists@for-privacy.net wrote:
On 30.03.2021 19:46, Toralf Förster wrote:
On 2/22/21 3:27 PM, Toralf Förster wrote:
# DDoS
$IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --set $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --update --seconds 60 --hitcount 10 -j DROP
just for the record:
In the emanwhile I do think that this idea was BS.
The reason is that if an advisory spoofs the sender address then this eventually blocks the (spoofed) sender address thereby.
DDoS SYN flood attack are unfortunately very different and hard to defend against.
I recently found something: SYNPROXY https://www.redhat.com/en/blog/mitigate-tcp-syn-flood-attacks-red-hat-enterp...
https://hakin9.org/syn-flood-attacks-how-to-protect-article/ at the bottom: # iptables -t mangle -I PREROUTING -p tcp -m tcp --dport 80 -m state --state NEW -m tcpmss ! --mss 536:65535 -j DROP
Does anyone know the community services of Team Cymru? Is that really free? That might be something for people with their own ASN like nifty. https://team-cymru.com/community-services/utrs/
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays