LinuxSA Mailing list archives
Index:
[thread]
[date]
[subject]
[author]
From: Alex Wilkinson <valex@style.senet.com.au>
To : linuxsa@linuxsa.org.au
Date: Sun, 16 Apr 2000 12:32:07 +0930 (CST)
ipchains
Howdy,
A few questions regarding IPchains.
1. I am a target of a DoS attack <a SYN flood> to port 80
2. I notice that cpu usage etc have increased enormously
3. I do a tcpdump and get the ip of the attacker
4. I then append an input rule
eg:
$ ipchains -A input -p TCP -d <attackers IP> ! www
I *think* this will deny all packets to port 80 but all other TCP packets
r ok.
1. Is this correct?
2. If I apply this rule straight away I assume it will not take place
until I reboot. Is this true or is there a way to start the rules
without a reboot eg kill -HUP ?
Basically I'm just trying to stop DoS SYN attacks on port 80.
Any other advice regarding techniques to stop DoS SYN attacks would be
cool :)
Cya
- Alex
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
Index:
[thread]
[date]
[subject]
[author]
Return to the LinuxSA Mailing List Information Page