Unfortunately you'll only be able to avoid this kind of attack using a
powerful filter in your gateway, but you must be careful: this needs to be,
if possible, in your backbone. You won't be able to protect yourself from your
own box. But you can also check the option for TCP_SYN_COOKIES in your
kernel. This might help with excessive memory usage with TCP connections
(this is one of the effects those DoS SYN/ACK tools cause).
Well, I think that's it. IPCHAINS isn't enough for this...
On Mon, 11 Dec 2000, Andrita Constantin wrote:
> Date: Mon, 11 Dec 2000 11:52:19 +0200
> To: INCIDENTS_at_SECURITYFOCUS.COM
> From: Andrita Constantin <aconstantin_at_EXPERT.RO>
> Reply-To: Andrita Constantin <aconstantin_at_EXPERT.RO>
> Sender: Incidents Mailing List <INCIDENTS_at_SECURITYFOCUS.COM>
> Subject: could be slice?
>
> Hello
>
> For two weeks now I've been facing a problem with floods almost on a daily
> basis.
>
> I get 3000 and more TCP SYN connections from random hosts. I've been
> told that this might be generated by a tool called slice.
>
> Can somebody point me in the right direction to find out how I can trace
> the flooder?
>
> Or can I do something to prevent/stop these attacks?
>
> Regards
>
> Andrita Constantin
> ------------------------------------------------
> Is it progress if a cannibal uses a knife and fork?
--
.--------------------.
| Guilherme Mesquita |
| guy_at_linuxbr.com.br |
| UIN # 5864338 |
`--------------------'
Received on Dec 17 2000
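
A triage check for the situation discussed in this thread, as an added example that is not part of the original posts: it counts half-open (SYN_RECV) sockets per remote address from `/proc/net/tcp`-format text and reports whether SYN cookies are on, given the contents of `/proc/sys/net/ipv4/tcp_syncookies`. The sample table, the function names and the thresholds are assumptions made for illustration, and the address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # state code /proc/net/tcp uses for half-open connections

# Constructed sample in /proc/net/tcp layout (documentation addresses, not real data).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A00000A:0050 0A0200C0:C001 03 00000000:00000000 01:00000010 00000002     0        0 0 0
   2: 0A00000A:0050 076433C6:8F12 03 00000000:00000000 01:00000010 00000002     0        0 0 0
   3: 0A00000A:0050 637100CB:1F90 03 00000000:00000000 01:00000010 00000001     0        0 0 0
   4: 0A00000A:0050 0A0200C0:C002 03 00000000:00000000 01:00000010 00000003     0        0 0 0
   5: 0A00000A:0050 146433C6:D431 01 00000000:00000000 00:00000000 00000000    33        0 1002 1
"""

def hex_to_ip(hexaddr):
    """Decode the kernel's hex IPv4 form (assumes a little-endian host)."""
    return socket.inet_ntoa(struct.pack("<I", int(hexaddr, 16)))

def half_open_by_source(proc_text):
    """Return a Counter of SYN_RECV sockets keyed by remote IPv4 address."""
    counts = Counter()
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != SYN_RECV:
            continue
        counts[hex_to_ip(fields[2].split(":")[0])] += 1
    return counts

def assess(proc_text, syncookies_value, threshold=3000):
    """Summarise half-open load; the default threshold echoes the figure in the
    post and is not a tuned value."""
    counts = half_open_by_source(proc_text)
    total = sum(counts.values())
    return {
        "half_open": total,
        "unique_sources": len(counts),
        # Many distinct sources with one or two SYNs each fits spoofed traffic,
        # which is why per-address blocking on the box itself does little.
        "syncookies_enabled": syncookies_value.strip() != "0",
        "flood_suspected": total >= threshold,
    }

if __name__ == "__main__":
    # On a live Linux host, pass the contents of /proc/net/tcp and
    # /proc/sys/net/ipv4/tcp_syncookies instead of the constructed sample.
    print(assess(SAMPLE_PROC_NET_TCP, "0\n", threshold=3))
```
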