Hello
Maybe a bit off topic, but last weekend we ran a 486 as a firewall and
exposed it to the real bad bad world (g).
We had the system under a full-scale attack for more than 24 hours and
it survived.
The system ran Linux (obviously) and stood up extremely well, a few minor
hiccups, but nobody got in or knocked it offline...
We now have to see what the 75 MB of logs tell us...
I had a conversation with a friend of mine to see how we could make it
better...
Conversation quoted below, and essentially, if anyone knows how to DO
that low-level setting my friend talks about... he doesn't either!
Mail could be offline to [EMAIL PROTECTED]
Quote:
If enough clients
out there respond to the flood command, they in turn generate a BUNCH of
requests to the victim server. With a big pipe, they all get through, and
seem to come from very disparate sources. The server does what it can to
fill the requests. If they are all on port 80, or some mapped HTTP port,
the server settings can throttle down just how many requests get honored at
a time. (With Apache, this is cake.) But SYN floods are a different
story. All you can really do is change the number of responses that a
server will give before throwing the bullshit flag. This is a low-level
setting in the socket/packet driver and isn't very easy to get to. (Hell,
I'm not even sure how to get to it on my machines.)
EOQ.
Advice welcome!
Also, in case anyone wants to be informed when we repeat the exercise,
email me so I can let you know.
--
Best regards,
tracer
Using theBAT 1.42 Beta/16
mail to : [EMAIL PROTECTED]
using FireTalk: 321338
LOCAL phone: 271194
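The "low-level setting" the quoted friend describes does exist on Linux, as sysctls under /proc/sys/net/ipv4: tcp_syncookies (answer with SYN cookies once the backlog fills, so half-open entries need not be kept at all), tcp_max_syn_backlog (how many half-open connections are kept), and tcp_synack_retries (how many times the kernel re-sends a SYN-ACK before giving up on a half-open connection, which is the "number of responses" in the quote). The script below is an added example, not code from the original post: it counts half-open (SYN_RECV) connections per source in a /proc/net/tcp snapshot, flags a likely SYN flood, and reports which of those three knobs are set weakly. The snapshot is constructed, not captured from the 486; the hex address layout assumes a little-endian host such as x86; and the threshold and target values are the editor's illustrative choices, not kernel defaults.

```python
"""Spot a SYN flood in a /proc/net/tcp snapshot and check the Linux knobs that
limit it. Added example; thresholds and target values are illustrative."""
import os
import socket
import struct
from collections import Counter

# TCP socket states as printed (hex) in /proc/net/tcp (include/net/tcp_states.h)
TCP_ESTABLISHED = 0x01
TCP_SYN_RECV = 0x03
TCP_LISTEN = 0x0A

# Constructed snapshot, not from a real box. Addresses are little-endian hex as
# on x86, so 0100000A is 10.0.0.1 and 0050 is port 80. State 03 is SYN_RECV,
# 01 is ESTABLISHED, 0A is LISTEN.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F00000A:0050 0100000A:C000 03 00000000:00000000 01:00000012 00000001     0        0 0 2 0000000000000000
   2: 0F00000A:0050 0100000A:C001 03 00000000:00000000 01:00000012 00000001     0        0 0 2 0000000000000000
   3: 0F00000A:0050 0100000A:C002 03 00000000:00000000 01:00000012 00000001     0        0 0 2 0000000000000000
   4: 0F00000A:0050 0200000A:D000 03 00000000:00000000 01:00000012 00000001     0        0 0 2 0000000000000000
   5: 0F00000A:0050 0200000A:D001 03 00000000:00000000 01:00000012 00000001     0        0 0 2 0000000000000000
   6: 0F00000A:0050 6400A8C0:E000 03 00000000:00000000 01:00000012 00000001     0        0 0 2 0000000000000000
   7: 0F00000A:0050 0300000A:F000 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 20 4 30 10 -1
   8: 0F00000A:0050 0400000A:F001 01 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 20 4 30 10 -1
"""


def _hex_addr(field):
    """Decode 'HEXIP:HEXPORT' into ('a.b.c.d', port). IP is host-order u32 (x86)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) per socket."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] == "sl":  # skip header / blank lines
            continue
        local_ip, local_port = _hex_addr(parts[1])
        remote_ip, remote_port = _hex_addr(parts[2])
        rows.append((local_ip, local_port, remote_ip, remote_port, int(parts[3], 16)))
    return rows


def half_open_by_source(text, port=None):
    """Count SYN_RECV sockets per remote IP, optionally only for one local port."""
    counts = Counter()
    for _lip, local_port, remote_ip, _rport, state in parse_proc_net_tcp(text):
        if state == TCP_SYN_RECV and (port is None or local_port == port):
            counts[remote_ip] += 1
    return dict(counts)


def syn_flood_suspected(text, threshold=5, port=None):
    """True when half-open connections exceed `threshold` (illustrative value;
    tune it to the host's normal load)."""
    return sum(half_open_by_source(text, port).values()) > threshold


# Sysctls under /proc/sys/net/ipv4 that govern SYN flood handling. The target
# values are the editor's suggestions, not kernel defaults.
SYN_KNOBS = {
    "tcp_syncookies": (lambda v: v == 1,
                       "set to 1 so the kernel answers with SYN cookies once the backlog is full"),
    "tcp_max_syn_backlog": (lambda v: v >= 1024,
                            "raise to 1024 or more so legitimate half-open connections are not evicted early"),
    "tcp_synack_retries": (lambda v: v <= 3,
                           "lower to 3 or fewer so unanswered SYN-ACKs are given up sooner"),
}


def tuning_advice(settings):
    """settings: knob name -> value as read from /proc/sys (str/int, or None if
    unreadable). Returns recommendations; an empty list means nothing to change."""
    advice = []
    for knob, (is_ok, why) in SYN_KNOBS.items():
        raw = settings.get(knob)
        if raw is None:
            advice.append(f"{knob}: not readable on this host")
        elif not is_ok(int(raw)):
            advice.append(f"{knob}={raw}: {why}")
    return advice


def read_sysctls(base="/proc/sys/net/ipv4"):
    """Read the knobs from the running kernel; missing files yield None."""
    out = {}
    for knob in SYN_KNOBS:
        try:
            with open(os.path.join(base, knob)) as fh:
                out[knob] = fh.read().strip()
        except OSError:
            out[knob] = None
    return out


if __name__ == "__main__":
    print("half-open per source:", half_open_by_source(SAMPLE_PROC_NET_TCP, port=80))
    print("SYN flood suspected:", syn_flood_suspected(SAMPLE_PROC_NET_TCP, port=80))
    for line in tuning_advice(read_sysctls()):
        print("advice:", line)
```

Run it as root-free on any Linux box: the snapshot check works on the constructed sample, and `read_sysctls()` reads the live values (reporting "not readable" where /proc/sys is absent, as in some containers). Changing the knobs needs root, e.g. `sysctl -w net.ipv4.tcp_syncookies=1`; SYN cookies sacrifice TCP options on connections set up while the backlog is full, which is the usual trade-off of enabling them.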