This is a discussion on RE: [Snort-users] tcp flood within the Snort forums, part of the System Security and Security Related category.
Well if you want to do it that way (again, I would block at the perimeter) then you can use these commands:

iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p tcp --syn -j LOG --log-prefix "SYN FLOOD "
iptables -A INPUT -p tcp --syn -j DROP

Cheese!
Marc

--- Joaquin Grech <joaco@bocazas.com> wrote:
> I am looking at the iptables but I can't find a way to block based on throttle per ip, only for the whole type of connection.
>
> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Matt Kettler
> Sent: Monday, March 07, 2005 5:13 PM
> To: SN ORT; snort-users@lists.sourceforge.net
> Subject: Re: [Snort-users] tcp flood
>
> At 03:25 PM 3/7/2005, SN ORT wrote:
> >You can rate-limit on just about any Cisco device (including PiX) to limit DoS attacks, including TCP SYN attacks, by using access-lists with rate-limit commands. Look to your Internet routers to stop the attacks.
>
> Marc,
>
> The Cisco PiX OS as of the most recent released version 6.3(4) does not support rate-limit in an access-list.
>
> http://www.cisco.com/univercd/cc/td/...sw/v_63/cmdref/ab.htm#wp1067755
>
> The rate-limit feature requires QoS support, something the PiX currently lacks entirely, but the as-yet-unreleased PiX OS 7.0 is reported (by Cisco's website) to support QoS.
>
> The "new features" datasheet for PiX 7.0 is listed here:
>
> http://www.cisco.com/en/US/products/..._data_sheet0900aecd80225ae1.html
>
> Any QoS enabled IOS image should be able to do rate limiting, but I'm not sure which IOS feature sets have QoS and which do not.
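An added example, not part of the original posts: a simplified Python model of the token bucket behind `-m limit --limit 1/s` (default burst of 5), run over constructed SYN arrival times. It compares one bucket shared by every source, as in the three rules above, with one bucket per source address, which is the per-IP throttle asked about in the quoted message and what iptables' hashlimit match provides. The addresses, timings and function names are assumptions made for the illustration.

```python
from collections import defaultdict

COST = 1000  # one packet costs 1000 milli-tokens (integer math, no float drift)


class TokenBucket:
    """Simplified model of a rate/burst limiter such as `-m limit --limit 1/s`."""

    def __init__(self, rate_per_s=1, burst=5):
        self.rate = rate_per_s
        self.cap = burst * COST
        self.tokens = self.cap      # bucket starts full
        self.last_ms = 0

    def allow(self, now_ms):
        # elapsed_ms * rate_per_s gives milli-tokens; refill is capped at burst.
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens >= COST:
            self.tokens -= COST     # rule matches: packet reaches ACCEPT
            return True
        return False                # no match: falls through to LOG and DROP


def constructed_syns(duration_s=10):
    """Constructed sample traffic as sorted (time_ms, source) pairs."""
    # One noisy source at 50 SYN/s, one ordinary client at one SYN every 2 s.
    noisy = [(t, "198.51.100.7") for t in range(0, duration_s * 1000, 20)]
    client = [(t, "192.0.2.10") for t in range(1010, duration_s * 1000, 2000)]
    return sorted(noisy + client)


def simulate(events, per_source):
    """Return {source: (accepted, dropped)} for a shared or per-source bucket."""
    shared = TokenBucket()
    buckets = defaultdict(TokenBucket)
    counts = defaultdict(lambda: [0, 0])
    for now_ms, src in events:
        bucket = buckets[src] if per_source else shared
        counts[src][0 if bucket.allow(now_ms) else 1] += 1
    return {src: tuple(c) for src, c in counts.items()}


if __name__ == "__main__":
    events = constructed_syns()
    print("shared bucket    :", simulate(events, per_source=False))
    print("per-source bucket:", simulate(events, per_source=True))
```

With the shared bucket the noisy source uses every refill, so all five of the ordinary client's SYNs are dropped; with per-source buckets the client's SYNs are all accepted while the noisy source is still held to the same rate.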