Basic HTML version of Foils prepared May 19 99

Foil 13 Denial of Service Attacks (3)

From Computer Crimes: Examples of Network Security attacks Tango Group Internal Technology Seminars -- April 23 99. by Roman Markowski


1 SYN Flood - Defense
  • increase size of connection queue (LISTEN-Q in kernel)
    • (Solaris) ndd /dev/tcp tcp_conn_req_max
  • decrease timeout period
    • (Solaris) ndd /dev/tcp tcp_conn_grace_period
  • remember: it is per port, NOT per host
  • deny service to any IP address that sends too many requests in a short period of time
  • RFC 2267 (1998, January): configure routers to block packets with spoofed source addresses. This should be implemented by ISPs. They can prevent packets with spoofed source addresses from leaving their own network
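Added example, not part of the original foils: a minimal sliding-window limiter for the "deny service to any IP address that sends too many requests in a short period of time" bullet, replayed over constructed SYN records. The class name, the thresholds (5 SYNs per second, 60-second block) and the sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class SynRateLimiter:
    """Drop SYNs from a source that exceeds max_syns to one port per window."""

    def __init__(self, max_syns=5, window=1.0, block_for=60.0):
        self.max_syns, self.window, self.block_for = max_syns, window, block_for
        self.recent = defaultdict(deque)   # (src, dport) -> recent SYN times
        self.blocked_until = {}            # src -> time the block expires

    def allow(self, ts, src, dport):
        """Return True if the SYN seen at time ts may reach the listener."""
        if self.blocked_until.get(src, 0.0) > ts:
            return False                   # source is still serving a block
        self.blocked_until.pop(src, None)
        q = self.recent[(src, dport)]      # counted per port, like the LISTEN-Q
        while q and ts - q[0] >= self.window:
            q.popleft()                    # forget SYNs outside the window
        q.append(ts)
        if len(q) > self.max_syns:
            self.blocked_until[src] = ts + self.block_for
            del self.recent[(src, dport)]  # free state while the block holds
            return False
        return True

# Constructed sample: (seconds, source IP, destination port); the addresses
# come from the RFC 5737 documentation ranges.
SAMPLE_SYNS = (
    [(0.1 * i, "198.51.100.7", 80) for i in range(10)]      # burst: 10 SYN/s
    + [(0.05, "192.0.2.10", 80), (0.5, "192.0.2.10", 80), (5.0, "192.0.2.10", 25)]
    + [(30.0, "198.51.100.7", 80), (70.0, "198.51.100.7", 80)]
)

def dropped_per_source(records, **limits):
    """Replay records in time order and count the SYNs dropped per source."""
    limiter, dropped = SynRateLimiter(**limits), defaultdict(int)
    for ts, src, dport in sorted(records):
        if not limiter.allow(ts, src, dport):
            dropped[src] += 1
    return dict(dropped)

if __name__ == "__main__":
    print(dropped_per_source(SAMPLE_SYNS))
```

A per-source limit only helps when the source addresses are genuine; the RFC 2267 filtering in the last bullet is what covers spoofed sources.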



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu


Page produced by wwwfoil on Mon Aug 16 1999