Hello, I would like to know how I can block/stop a syn flood attack with the help of IPCOP.
This is for a college project.
IPCOP does not have access to the internet because its a test environment.
I'm using a green and a red interface.
I have a laptop connected to the red interface that is able to send syn floods.
The machine on the red interface is trying to flood a server on the green interface.
The syn flood sends its packages from random ip addresses to a port of choice.
I can't block a single (or a group of) IP address(es) it wouldn't matter much because of the random IP addresses.
I would rather not close the attacked port, the server should remain available after (if possible during) the flood without me touching it.
I think the best way is limit the amount of syn packages allowed to pass through /sec?
I know its possible using iptables I don't know how to enable this ruleset in IPCOP though.
Perhaps I'm totally wrong if anyone could shed some light on this for me.
Any help appreciated.
Re: Blocking a synflood with IPCOP.
12 years 3 months ago #24220