Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Blocking a synflood with IPCOP.

Blocking a synflood with IPCOP. 10 years 8 months ago #24210

  • Tent
  • Tent's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 6
  • Thank you received: 0
Hello, I would like to know how I can block/stop a syn flood attack with the help of IPCOP.

This is for a college project.
IPCOP does not have access to the internet because its a test environment.
I'm using a green and a red interface.
I have a laptop connected to the red interface that is able to send syn floods.
The machine on the red interface is trying to flood a server on the green interface.
The syn flood sends its packages from random ip addresses to a port of choice.

I can't block a single (or a group of) IP address(es) it wouldn't matter much because of the random IP addresses.
I would rather not close the attacked port, the server should remain available after (if possible during) the flood without me touching it.
I think the best way is limit the amount of syn packages allowed to pass through /sec?

I know its possible using iptables I don't know how to enable this ruleset in IPCOP though.
Perhaps I'm totally wrong if anyone could shed some light on this for me.

Any help appreciated.

Re: Blocking a synflood with IPCOP. 10 years 8 months ago #24220

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 1302
  • Karma: 1
  • Thank you received: 0
IPCOP already comes pre-configured with some iptables rules which drop suspicious TCP traffic. Log in via ssh or at the console and you will find these in /etc/rc.d/rc.firewall from about line 36.

Re: Blocking a synflood with IPCOP. 10 years 8 months ago #24231

  • Tent
  • Tent's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 6
  • Thank you received: 0
Thanks but I won't have to do anything about this line?
# Limit Packets- helps reduce dos/syn attacks

Re: Blocking a synflood with IPCOP. 10 years 8 months ago #24234

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 1302
  • Karma: 1
  • Thank you received: 0
Test it out and let us know the results.

Re: Blocking a synflood with IPCOP. 10 years 8 months ago #24235

  • Tent
  • Tent's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 6
  • Thank you received: 0
Ah thought I mentioned it here but I didn't.
I'll be able to test it on Monday, ill post the 'results' after the test.

Thanks for the help so far.

Re: Blocking a synflood with IPCOP. 10 years 8 months ago #24244

I'm intrested in knowing whats going on too...
  • Page:
  • 1
  • 2
Time to create page: 0.138 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup