Security Basics mailing list archives

RE: preventing SYNC attacks...


From: Neil Fryer <nfryer () marimba com>
Date: Thu, 4 Mar 2004 09:10:26 -0800

Hi Charles,

Yes you can prevent SYN attacks at a firewall level, the ones that I know
off hand that you can do this with are Watchguard, and netfilter (Linux). But
then this will only stop things on one side of your network, well I suppose
this depends how you set it up, as I haven't really tried tweaking it to do
it on a host by host basis, but it should be possible depending on how your
firewall is set up.
If however the SYN attack is coming from a host inside your network,
targeting hosts on the same subnet, this may not be firewalled, and
therefore may not be stopped.

Basically yes it's possible, but it all depends on how concerned you are
about SYN attacks, as to how much effort you want to put into blocking them.
If you are happy to block SYN attacks from coming into your network from the
Net, then a firewall would solve this problem for you.

I am pretty sure that routers can do this as well, but maybe someone else on
here will be able to provide you with more info on that.

HTH

Neil 

-----Original Message-----
From: Mr. Charles Darwin [mailto:otzie () hotpop com]
Sent: Wednesday, March 03, 2004 10:36 PM
To: security-basics () securityfocus com
Subject: preventing SYNC attacks...


Hi everyone,

I know that according to some Microsoft papers, I can prevent sync 
attacks in every computer by modifying the registry (at least in Win NT 
4.0 & 5.0). In a large network this only means one thing: tons of work, 
without forgetting this may carry tons of other problems if we are not 
cautious enough...

But I was wondering if there is a way to prevent sync attacks from 
an upper level, like for example Cisco switches or routers, maybe a 
firewall?

Regards.

Charles D
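
A netfilter ruleset of the kind the reply above refers to, as an added example that is not part of the original thread: it caps new TCP connection attempts (SYN) per protected host, and only for traffic forwarded in through the firewall. The function name syn_ruleset, the interface eth0 and the rate and burst numbers are assumptions to adapt.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# caps the rate of new TCP connection attempts (SYN) forwarded to each
# protected host. Interface name and numbers are assumptions to tune.

syn_ruleset() {
    ext_if="$1"; rate="$2"; burst="$3"

    # Validate arguments before they are written into firewall rules.
    case "$ext_if" in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    n="${rate%%/*}"; unit="${rate#*/}"
    case "$n" in ''|*[!0-9]*) return 2 ;; esac
    case "$unit" in second|minute) ;; *) return 2 ;; esac
    case "$burst" in ''|*[!0-9]*) return 2 ;; esac

    cat <<EOF
*filter
:SYN_LIMIT - [0:0]
# Only SYNs forwarded in from the external interface reach SYN_LIMIT.
# Traffic between hosts on the same subnet never crosses this box.
-A FORWARD -i ${ext_if} -p tcp --syn -j SYN_LIMIT
# Per-destination bucket: under the limit, return to normal FORWARD rules.
-A SYN_LIMIT -m hashlimit --hashlimit-name syn_per_host --hashlimit-mode dstip --hashlimit-upto ${rate} --hashlimit-burst ${burst} -j RETURN
# Over the limit for that destination host: drop the SYN.
-A SYN_LIMIT -j DROP
COMMIT
EOF
}

# Usage: sh syn_ruleset.sh eth0 50/second 100 | iptables-restore --noflush
if [ "$#" -ge 3 ]; then
    syn_ruleset "$1" "$2" "$3"
fi
```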



