Re: [Efw-user] syn-flood prevention?

[Matt Hayes]

I'm only responding as most likely you will not get a response from Endian
themselves, I'm not sure why it is not working if you have syn flood
protection enabled already.  I myself am slowly moving from Endian Firewall
Community as I'm not able to get any answers from Endian or their
developers at all.

There are numerous security issues with the distribution specifically with
SSH and openssl.  I'm moving to a more up to date and maintained firewall
for my needs.

Good luck.

On Mon, Feb 9, 2015 at 9:41 AM, Andre Mueller andre.muel...@himmel-blau.com
 wrote:


 Endian 3.0.devel : Community Version

 Hello

 I have the problem that our Endian installation configured as a router
 (public subnet on the orange zone) is attacked on the routers
 WAN-interface (Red uplink) by massive syn-flood requests.

 As we have checked on our Endian syn_cookies are activated, so the first
 perquisite for protection against syn-flood attacks is active. But the
 problem is that our router does respond to every syn-flood request
 (SYN_SENT) and by doing so it saturates our WAN-/upload-Line.

 Is there any possibility that we can prevent our router to send out any
 SYN-packet, whenever a certain amount of not acknowledged SYN-packets
 have sent out to the very same IP-destination (but on different ports)?


 I would be grateful for any hint. Thanks in advance, Andre




 --
 Dive into the World of Parallel Programming. The Go Parallel Website,
 sponsored by Intel and developed in partnership with Slashdot Media, is
 your
 hub for all things parallel software development, from weekly thought
 leadership blogs to news, videos, case studies, tutorials and more. Take a
 look and join the conversation now. http://goparallel.sourceforge.net/
 ___
 Efw-user mailing list
 Efw-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/efw-user

--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/___
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user

[Efw-user] syn-flood prevention?

[Andre Mueller]

Endian 3.0.devel : Community Version

Hello

I have the problem that our Endian installation configured as a router 
(public subnet on the orange zone) is attacked on the routers 
WAN-interface (Red uplink) by massive syn-flood requests.

As we have checked on our Endian syn_cookies are activated, so the first 
perquisite for protection against syn-flood attacks is active. But the 
problem is that our router does respond to every syn-flood request 
(SYN_SENT) and by doing so it saturates our WAN-/upload-Line.

Is there any possibility that we can prevent our router to send out any 
SYN-packet, whenever a certain amount of not acknowledged SYN-packets 
have sent out to the very same IP-destination (but on different ports)?


I would be grateful for any hint. Thanks in advance, Andre



--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
___
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user