drop success ?
wong
alimsl@pc.jaring.my
Fri, 26 Oct 2001 00:20:51 +0800
Hi,
I am using Linux 7.1 with iptables to drop SYN floods to my Windows server.
1) How do I know iptables is dropping all the SYN flood packets?
I have set it to log and checked /var/log/messages, but I just notice the IP from and to.
How do I read whether it is a drop or an accept?
2) When running synflood from an external server to my Windows server,
on the Windows server, when I run netstat -p -n,
I can still see a long SYN_RECEIVED list, and the Linux server shows suppressed messages
and maximum connection messages.
My script turns ON syn_cookies, but how do I know and make sure that syn_cookies is running?
Does anyone know how to test or check?
Reading on the internet, a lot of samples say this will block a SYN flood:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
How do I know the above command is working? Is there any way to test it? I have included it
in my iptables rules but am not sure whether it is working.
3) Dropped traffic still passes in to my NT server?
# iptables -A INPUT -s 0.0.0.0/0 -j DROP
# iptables -A INPUT -s 1.0.0.1 -j DROP
# iptables -A INPUT -s 5.0.0.0 -j DROP
I have blocked a few IPs, but when I run synflood against my NT server, the netstat -p -n list
still shows all the IP addresses and connections with SYN_RECEIVED. Why does my iptables not drop
them?
When I run synflood from the IP 1.0.0.01 or 5.0.0.0.1 to the NT server, it
still passes in to the server:
# synflood 1.0.0.1 90 192.168.1.15 80 2000
How do I know netfilter has dropped the SYN flood?
Thanks
Wong
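
Added example, not part of the original message: two checks for the questions above, namely whether SYN cookies are enabled (the kernel exposes the switch in /proc/sys/net/ipv4/tcp_syncookies) and whether a rule has matched any packets (the per-rule counters printed by iptables -L -v -n -x). The function names and the counter listing are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample listing are constructed.

# SYN cookies: the kernel exposes the switch as a small integer in /proc.
syncookies_state() {  # optional $1: alternate path, for testing
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        0)   echo off ;;
        1|2) echo on ;;
        *)   echo unknown ;;
    esac
}

# Packets matched by rules with a given target in one chain.
# stdin: output of `iptables -L -v -n -x` (pkts is column 1, target column 3).
chain_hits() {  # usage: chain_hits CHAIN TARGET
    awk -v chain="$1" -v target="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $3 == target { sum += $1 }
        END { print sum + 0 }'
}

# Packets that matched no rule and fell through to the chain policy.
policy_hits() {  # usage: policy_hits CHAIN
    awk -v chain="$1" '$1 == "Chain" && $2 == chain { print $5 + 0 }'
}

# Constructed listing: the INPUT DROP rules never matched, while 2000
# packets passed through FORWARD under its ACCEPT policy.
sample_counters() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 310 packets, 24800 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       4      192 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 1/sec burst 5
       0        0 DROP       all  --  *      *       1.0.0.1              0.0.0.0/0
       0        0 DROP       all  --  *      *       5.0.0.0              0.0.0.0/0

Chain FORWARD (policy ACCEPT 2000 packets, 80000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
EOF
}

# On a live firewall (as root): iptables -L -v -n -x | chain_hits INPUT DROP
echo "syncookies on this host: $(syncookies_state)"
echo "INPUT DROP hits:         $(sample_counters | chain_hits INPUT DROP)"
echo "FORWARD policy hits:     $(sample_counters | policy_hits FORWARD)"
```

A DROP rule whose counter stays at 0 during a test has never matched a packet. Packets that the Linux box routes on to another host traverse the FORWARD chain rather than INPUT, so that is where the counters move for forwarded traffic.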