Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Blocking a synflood with IPCOP.

Blocking a synflood with IPCOP. 8 years 11 months ago #24210

  • Tent
  • Tent's Avatar
  • Offline
  • New Member
  • Posts: 6
  • Karma: 0
Hello, I would like to know how I can block/stop a syn flood attack with the help of IPCOP.

This is for a college project.
IPCOP does not have access to the internet because its a test environment.
I'm using a green and a red interface.
I have a laptop connected to the red interface that is able to send syn floods.
The machine on the red interface is trying to flood a server on the green interface.
The syn flood sends its packages from random ip addresses to a port of choice.

I can't block a single (or a group of) IP address(es) it wouldn't matter much because of the random IP addresses.
I would rather not close the attacked port, the server should remain available after (if possible during) the flood without me touching it.
I think the best way is limit the amount of syn packages allowed to pass through /sec?

I know its possible using iptables I don't know how to enable this ruleset in IPCOP though.
Perhaps I'm totally wrong if anyone could shed some light on this for me.

Any help appreciated.
The administrator has disabled public write access.

Re: Blocking a synflood with IPCOP. 8 years 11 months ago #24220

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
IPCOP already comes pre-configured with some iptables rules which drop suspicious TCP traffic. Log in via ssh or at the console and you will find these in /etc/rc.d/rc.firewall from about line 36.
The administrator has disabled public write access.

Re: Blocking a synflood with IPCOP. 8 years 11 months ago #24231

  • Tent
  • Tent's Avatar
  • Offline
  • New Member
  • Posts: 6
  • Karma: 0
Thanks but I won't have to do anything about this line?
# Limit Packets- helps reduce dos/syn attacks
The administrator has disabled public write access.

Re: Blocking a synflood with IPCOP. 8 years 11 months ago #24234

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
Test it out and let us know the results.
The administrator has disabled public write access.

Re: Blocking a synflood with IPCOP. 8 years 11 months ago #24235

  • Tent
  • Tent's Avatar
  • Offline
  • New Member
  • Posts: 6
  • Karma: 0
Ah thought I mentioned it here but I didn't.
I'll be able to test it on Monday, ill post the 'results' after the test.

Thanks for the help so far.
The administrator has disabled public write access.

Re: Blocking a synflood with IPCOP. 8 years 11 months ago #24244

  • toddwoo
  • toddwoo's Avatar
  • Offline
  • Distinguished Member
  • Posts: 173
  • Karma: 0
I'm intrested in knowing whats going on too...
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.083 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup