Home page logo

basics logo Security Basics mailing list archives

RE: Preveting DDOS Syn floods on HTTP servers
From: Fernando Gont <fernando () gont com ar>
Date: Wed, 17 Mar 2004 01:10:58 -0300

At 16:22 09/03/2004 +0000, MARTIN M. BĂ©noni wrote:

Well, I do not know IIS, but on Apache tehere are a couple of options which can help preventing from DDOS attacks. Here are a buch of examples:
-  KeepAlive
-  MaxKeepAliveRequests
-  KeepAliveTimeout
-  ...

I will not say you will or will not, I think you can just HELP PREVENTING!

Why should it help?
TCP's keepalive was meant to clean the system from half open connections.
So it should keick in *fter* a connection has been established, which is not the case of a SYN flood or a reflection attack, as the connections never get established.

For SYN flood, you should enable syncookies.

Fernando Gont
e-mail: fernando () gont com ar || fgont () acm org

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]