Re: managing a SYN flood

[JGrimshaw () ASAP com]

If it is at a co-location site, I would expect there to be a firewall and 
a router there. If the router is a Cisco router, I think TCP-Intercept may 
help out.  Set it up to just guard the particular public address that the 
game server is hosted on...

This is assuming he has the access himself or the buy in from the router 
admin to protect the games server.

Cisco has an excellent paper on the subject.  Just search their website 
for TCP Intercept, there are examples and everything.  At the very least, 
if the router is not a Cisco router, the documention should at least give 
a concept of what could be done.  I am sure there are comparable commands 
on other router products. 



"Bruyere, Michel" <mbruyere () ezemcanada com> 
03/04/2004 08:04 AM

To
"'security-basics () securityfocus com'" <security-basics () securityfocus com>
cc

Subject
managing a SYN flood






Hi, 
                 I know someone that is running a public Game server. He's 
actually
facing a DDOS SYN flood by a player that has been banned from the server
because of rules violation.

I would like to know if you guys can point me to a good paper on how to
mitigate the effect of the attack in order to be able to keep the system 
up.
I don't have physical access to the server and I tried to help him out the
best as I could but it would be easier to send him a good paper on the
subject.

BTW the server is in co-location on a 100mbits link and is running 2k
server. I helped him to harden the server a little bit since it was WIDE
open to the net. I also gave him the following article to help Windows a 
bit

http://support.microsoft.com/default.aspx?scid=kb;en-us;142641&Product=win20

00

http://support.microsoft.com/default.aspx?scid=kb;en-us;315669&Product=win20

00

It helped somewhat but the server is still unable to deal with the flood.

If you want more info ill be glad to give it out.

Thx for your inputs 



M.Bruyere
Network/systems administrator
CompTIA A+, Network+



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 

any course! All of our class sizes are guaranteed to be 10 students or 
less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the 
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------