Denial of Service Attacks (3)

• SYN Flood - Defense

  • increase size of connection queue (LISTEN-Q in kernel)
    • (Solaris) ndd /dev/tcp tcp_conn_req_max
  • decrease timeout period
    • (Solaris) ndd /dev/tcp tcp_conn_grace_period
  • remember: it is per port, NOT per host
  • deny service to any IP address that sends too many requests in a short period of time
  • RFC 2267 (1998, January): configure routers to block packets with spoofed source addresses. This should be implemented by ISPs. They can prevent packets with spoofed source addresses from leaving their own network

Previous slide

Next slide

Back to first slide

View graphic version