Gunther wrote:
> How can TCP intercept be enabled on a linux box using
> ipchains or iptables ??

...after several other people said words to the effect of:
> The correct way probably is using TCP intercept. The one who
> controls the router does this. Blocking is ineffective and
> obviously can have side-effects.

And the answer to your question, Gunther, is that you can't. TCP Intercept is a function of some specific versions of the Cisco IOS (and other vendors' router operating systems too) and can only be enabled on a router.

To answer everyone else's points too, it _is_ possible to effectively squash TCP SYN flood attacks without needing to enable something as resource-intensive as TCP Intercept at your network boundary. A similar effect can be gained by rate-limiting SYN packets to a predetermined percentage of your line speed, and permitting them to burst to a slightly higher rate. It still means it has to be done at your network edge, though, so if you have no control over your router you'll have to ask whoever does.

Regards

Graeme

--
Graeme Fowler
System Administrator
Host Europe Group PLC

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
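The SYN rate-limiting Graeme describes, worked through for the case where the Linux box is itself the network edge. This is an added example and not part of the original thread; it assumes iptables rather than ipchains (Gunther's question mentions both), an external interface named eth0, an illustrative 10 Mbit/s line with 5 % of it budgeted for SYNs, and a 64-byte on-the-wire SYN frame for the arithmetic. The chain name SYN_LIMIT and the 20 % burst margin are also choices made here, not anything from the post.

```shell
#!/bin/sh
# Added example, not from the original post: rate-limit inbound TCP SYNs on a
# Linux box that is itself the network edge, using the iptables "limit" match
# (assumption: the box runs iptables, not ipchains).

# Turn a line speed (bits/s) and a percentage into a SYN packets-per-second
# budget. A minimal IPv4/TCP SYN on Ethernet is taken as 64 bytes (512 bits)
# on the wire; that frame size is an assumption used only for the arithmetic.
syn_budget_pps() {
    echo $(( $1 * $2 / 100 / 512 ))
}

# Let the bucket hold slightly more than the steady rate, so a short burst of
# legitimate connections is not dropped. The 20 % margin is a chosen value.
syn_burst() {
    echo $(( $1 * 120 / 100 ))
}

# Emit the iptables commands, one per line, without running them, so the rule
# set can be reviewed before it touches the edge. Interface, rate and burst
# are parameters (eth0 is an assumed external interface name).
syn_limit_rules() {
    ifc=$1 pps=$2 burst=$3
    cat <<EOF
iptables -N SYN_LIMIT
iptables -A SYN_LIMIT -m limit --limit ${pps}/second --limit-burst ${burst} -j RETURN
iptables -A SYN_LIMIT -j DROP
iptables -I INPUT 1 -i ${ifc} -p tcp --syn -j SYN_LIMIT
iptables -I FORWARD 1 -i ${ifc} -p tcp --syn -j SYN_LIMIT
EOF
}

# Run the emitted commands; needs root and an iptables binary on the box.
apply_syn_limit() {
    syn_limit_rules "$@" | while read -r cmd; do
        eval "$cmd" || return 1
    done
}

# Stand-alone: print the rules for a 10 Mbit/s line with 5 % of it budgeted
# for SYNs (both figures illustrative), e.g. `sh syn_limit.sh eth0`.
pps=$(syn_budget_pps 10000000 5)
syn_limit_rules "${1:-eth0}" "$pps" "$(syn_burst "$pps")"
```

For the illustrative figures this yields 976 SYNs/second with a burst of 1171. Note that `-m limit` is one shared bucket for the whole interface, so during a flood legitimate SYNs compete with the attacker's for the same budget; that is why Graeme calls it "a similar effect" rather than an equivalent of TCP Intercept, and it is the trade-off to keep in mind when picking the percentage.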
