Firewall Wizards mailing list archives

Re: Post connection SYN


From: Mikael Olsson <mikael.olsson () clavister com>
Date: Fri, 17 Oct 2003 16:06:51 +0200


(sidenote: I don't think Raghuveer was asking about syn flood
 protection, but rather prevention of SYNs in the middle of
 established TCP connections)

Paul Robertson wrote:

> Since SYN floods are flood attacks, protection against them really needs
> to have some rate-based measurement which should be adjustable (high
> volume sites can see rates which would be above normal, and low volume
> sites can get the same symptoms if they suddenly become high volume
> sites.)

OR you set up the firewall to answer SYNs on behalf of the server
and wait for the handshake with the client to complete before doing
the handshake with the server, and assume that the firewall's state
table can take much more of a beating than the server. Which is
usually true.  This way, you don't have to worry about rate limiting
at all.

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
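The firewall-side handshake Mikael describes above, as an added illustration that is not part of this thread and not Clavister's code: a toy Python model of a SYN proxy. The firewall answers each client SYN itself, keeps the half-open entry in its own table, and only performs the handshake with the protected server once the client's final ACK (with the right acknowledgement number) arrives, so spoofed SYNs that never complete cost the server nothing. The class names, the per-entry timeout and the flood sizes are constructed for the example; it simulates packet events rather than using real sockets.

```python
"""Toy model of a SYN-proxying firewall (constructed example).

The firewall completes the TCP three-way handshake with the client on the
server's behalf and opens the server-side connection only after the
client's final ACK.  Half-open handshakes that never finish sit in the
firewall's table and age out; the server never sees them.
"""
from dataclasses import dataclass, field
import itertools


@dataclass
class Server:
    """Protected server: counts handshakes it has actually been asked to do."""
    half_open: int = 0      # SYNs received and not yet completed
    established: int = 0

    def on_syn(self) -> None:
        self.half_open += 1

    def on_ack(self) -> None:
        self.half_open -= 1
        self.established += 1


@dataclass
class SynProxy:
    """Firewall that proxies the handshake (hypothetical name for the model)."""
    server: Server
    timeout: float = 30.0   # seconds a half-open client entry may live
    # (src_ip, src_port) -> (acknowledgement number we expect, creation time)
    pending: dict = field(default_factory=dict)
    _isn: itertools.count = field(default_factory=lambda: itertools.count(1000, 7))

    def client_syn(self, src: tuple, now: float) -> int:
        """Answer a client SYN with a SYN-ACK; return the sequence number used."""
        isn = next(self._isn)
        self.pending[src] = (isn + 1, now)   # the ACK that completes the handshake
        return isn                           # the server is not contacted yet

    def client_ack(self, src: tuple, ack: int, now: float) -> bool:
        """Third packet from the client: only now run the server-side handshake."""
        entry = self.pending.get(src)
        if entry is None or entry[0] != ack:
            return False                     # stray or forged ACK: ignored
        del self.pending[src]
        self.server.on_syn()                 # firewall -> server SYN
        self.server.on_ack()                 # firewall -> server ACK
        return True

    def expire(self, now: float) -> int:
        """Drop half-open entries older than the timeout; return how many."""
        stale = [k for k, (_, created) in self.pending.items()
                 if now - created > self.timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)


def simulate(flood_syns: int, legit_clients: int) -> dict:
    """Run a constructed flood plus a few real clients through the proxy."""
    server = Server()
    fw = SynProxy(server)
    # Flood: distinct spoofed sources that send a SYN and never answer the SYN-ACK.
    for i in range(flood_syns):
        fw.client_syn(("10.0.%d.%d" % (i // 256, i % 256), 40000 + i), now=0.0)
    # Legitimate clients complete the handshake and are passed to the server.
    for i in range(legit_clients):
        src = ("192.0.2.%d" % (i + 1), 50000 + i)
        isn = fw.client_syn(src, now=1.0)
        fw.client_ack(src, isn + 1, now=1.1)
    pending_before = len(fw.pending)
    expired = fw.expire(now=60.0)            # flood entries age out of the table
    return {
        "server_half_open": server.half_open,
        "server_established": server.established,
        "firewall_pending_before_expiry": pending_before,
        "expired": expired,
        "firewall_pending_after_expiry": len(fw.pending),
    }


if __name__ == "__main__":
    for key, value in simulate(flood_syns=1000, legit_clients=5).items():
        print(f"{key}: {value}")
```

The point the model makes is the one in the post: the server's half-open count never moves during the flood, only the firewall's table grows, and that table is both larger and garbage-collected on a timer, so no rate threshold has to be tuned.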

