Article: OpenBSD PF Developer Interview
Subject:   questions of the bridge
Date:   2004-06-22 11:46:45
From:   xiyang
Dear Sir:
I installed OpenBSD 3.4 as a bridge firewall. Below is the topology:

internet<----->OpenBSD_bridge_Firewall<----->hub/switch<------>webserver

Now there's a SYN flood attack on my webserver.
What can I do on the OpenBSD bridge firewall?
I know about synproxy in OpenBSD, but the SYN proxy will not work if PF is running on a bridge(4).
Would you please give me a hand?
Thank you very much!



  • questions of the bridge
    2004-06-22 22:09:42  Federico Biancuzzi | O'Reilly Author, O'Reilly Blogger

    If you install 3.5 you could limit the number of states by src IP. I think this could work if they don't use random spoofed src IPs.
    • questions of the bridge
      2004-06-22 23:15:11  xiyang

      Two problems:
      1) It is random(), so the method that limits the number of states by src IP may not be effective.
      2) I had used that function in FreeBSD 4.10, but the attacker could stuff your stack (net.inet.ip.fw.dyn_count) immediately; syslogd reports "too many dyn rules..", so you must increase net.inet.ip.fw.dyn_max, like:
      sysctl -w net.inet.ip.fw.dyn_max=32768
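The options the thread touches on (filtering on the bridge member interfaces because synproxy is unavailable, the per-source state limit that 3.5 added, and a global state cap as the fallback when sources are spoofed) combined into one pf.conf fragment, as an added example that is not from the thread or from the OpenBSD project. The interface names, the web server address and every limit are assumptions to be adapted to the actual setup.

```pf
# Added example (not from the thread): pf.conf for a bridge(4) firewall
# in front of a web server. fxp0/fxp1, 192.0.2.10 and all numbers below
# are placeholders.
ext_if = "fxp0"           # bridge member facing the Internet
int_if = "fxp1"           # bridge member facing the hub/switch
webserver = "192.0.2.10"  # placeholder address of the web server

# Cap the state table so a flood of spoofed SYNs cannot exhaust kernel
# memory, and let adaptive timeouts expire states faster as the table
# fills. tcp.first (default 120s) bounds how long a half-open state lives.
set limit states 20000
set timeout adaptive.start 12000
set timeout adaptive.end 20000
set timeout tcp.first 30

# Filtering happens on the member interfaces, not on bridge0. Leave the
# inside leg alone and do all filtering on the outside leg.
pass quick on $int_if all

# Default deny inbound on the outside leg.
block in on $ext_if all

# Create state only on the initial SYN (flags S/SA). max-src-states
# (PF 3.5 and later) bounds states per source address; it helps against
# sources that are not spoofed, while the global limits above cover the
# spoofed case.
pass in on $ext_if proto tcp from any to $webserver port 80 \
    flags S/SA keep state (source-track rule, max-src-states 30)
```

Check the live table with `pfctl -si` (state counts, limits) and `pfctl -sS` (tracked sources) while under load to see which limit is actually being hit.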