Basic HTML version of Foils prepared May 19 99

Foil 13 Denial of Service Attacks (3)

From Computer Crimes: Examples of Network Security attacks Tango Group Internal Technology Seminars -- April 23 99, by Roman Markowski


SYN Flood - Defense
  • increase size of connection queue (LISTEN-Q in kernel)
    • (Solaris) ndd /dev/tcp tcp_conn_req_max
  • decrease timeout period
    • (Solaris) ndd /dev/tcp tcp_conn_grace_period
  • remember: the connection queue is per port, NOT per host
  • deny service to any IP address that sends too many requests in a short period of time
  • RFC 2267 (January 1998): configure routers to block packets with spoofed source addresses. ISPs should implement this, since they can prevent packets with spoofed source addresses from leaving their own networks.
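
The "deny service to any IP address that sends too many requests in a short period of time" defense, sketched as a sliding-window limiter. This is an added example, not part of the original foils; the class name, thresholds and sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class SynRateLimiter:
    """Sliding-window count of SYNs per (source IP, destination port)."""

    def __init__(self, max_syns=5, window=1.0, block_for=60.0):
        self.max_syns = max_syns      # SYNs tolerated per window (assumed value)
        self.window = window          # window length in seconds (assumed value)
        self.block_for = block_for    # how long an offender is denied (assumed)
        self.recent = defaultdict(deque)  # (src, dport) -> recent SYN timestamps
        self.blocked_until = {}           # src -> time at which the block expires

    def allow(self, ts, src, dport):
        """Return True if a SYN seen at time ts should reach the listener."""
        if self.blocked_until.get(src, 0.0) > ts:
            return False                      # source is still blocked
        self.blocked_until.pop(src, None)     # block (if any) has expired
        q = self.recent[(src, dport)]
        while q and ts - q[0] >= self.window:
            q.popleft()                       # forget SYNs outside the window
        q.append(ts)
        if len(q) > self.max_syns:            # too many requests, too quickly
            self.blocked_until[src] = ts + self.block_for
            q.clear()
            return False
        return True


# Constructed sample (documentation address ranges): one noisy source,
# one well-behaved source, then the noisy source returning later.
SAMPLE = sorted(
    [(i / 10, "192.0.2.10", 80) for i in range(8)]
    + [(0.35, "198.51.100.7", 80), (5.0, "198.51.100.7", 80),
       (30.0, "192.0.2.10", 80), (70.0, "192.0.2.10", 80)]
)


def decisions(events, src, **limits):
    """Replay time-ordered events; return the allow/deny verdicts for src."""
    limiter = SynRateLimiter(**limits)
    verdicts = [(s, limiter.allow(ts, s, p)) for ts, s, p in events]
    return [ok for s, ok in verdicts if s == src]


if __name__ == "__main__":
    for host in ("192.0.2.10", "198.51.100.7"):
        print(host, decisions(SAMPLE, host))
```

Per-source counting only helps when the source addresses are genuine, which is why the list pairs it with the RFC 2267 filtering of spoofed addresses.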



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu


Page produced by wwwfoil on Mon Aug 16 1999