Home page logo
/

basics logo Security Basics mailing list archives

Re: managing a SYN flood
From: nick <nick () mobilia it>
Date: Fri, 05 Mar 2004 10:06:44 +0100

Bruyere, Michel wrote:

Hi, I know someone that is running a public Game server. He's actually
facing a DDOS SYN flood by a player that has been banned from the server
because of rules violation.

I would like to know if you guys can point me to a good paper on how to
mitigate the effect of the attack in order to be able to keep the system up.
I don't have physical access to the server and I tried to help him out the
best as I could but it would be easier to send him a good paper on the
subject.

BTW the server is in co-location on a 100mbits link and is running 2k
server. I helped him to harden the server a little bit since it was WIDE
open to the net. I also gave him the following article to help Windows a bit

http://support.microsoft.com/default.aspx?scid=kb;en-us;142641&Product=win20
00

http://support.microsoft.com/default.aspx?scid=kb;en-us;315669&Product=win20
00

It helped somewhat but the server is still unable to deal with the flood.

If you want more info ill be glad to give it out.

Thx for your inputs


M.Bruyere
Network/systems administrator
CompTIA A+, Network+



Managing a syn flood really can't be done at the server level, even if you're denying all the traffic coming from the IP address (or addresses), it's still going to be clogging your pipe.

Someone else mentioned this as well, it has to be dealt with upstream, to stop the traffic before it arrives at your connection. Getting his (and quite possibly the flooder's) ISP involved is probably the best course of action, most ISPs don't look fondly upon that sort of behavior. At the very least, his ISP can probably stem the flow....

Nick


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault