drop success ?
Fri, 26 Oct 2001 00:20:51 +0800
i have using linux 7.1 and with iptables to drop syn flood to my window
1) how to i know iptables is drop all the syn flood packet. ?
i have set it to log and checked from /var/log/messages , just notice the
ip from and to.
how to read it is drop or accept ?
2) when runing synflood from external server to my window server,
in the window server, when i run netstat -p -n
i still can see a lot SYN_RECEIVED list. and from the linux server it will
show suppressd messages
and maximum connection msg.
my script include ON the syn_cookies , but how to know and make sure the
this syn_cookies is running ?
anyone know how to test or check ?
reading from internet a lot sample tell this will block synflood
iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
how to know the above command is working ? anyway to test it ? i have include
in my iptables rules but not sure
is it working.
3) drop still pass in to my nt server ?
# iptables -A INPUT -s 0.0.0.0/0 -j DROP
# iptables -A INPUT -s 184.108.40.206 -j DROP
# iptables -A INPUT -s 220.127.116.11 -j DROP
i have block few ip , but when run synflood to my nt server , in the netstat
-p -n list, it still show
all the ip address and connection with SYN_RECEIVED. why my iptables not drop
when i run synflood with from the ip 1.0.0.01 or 18.104.22.168.1 to NT server, it
still pass in the server
# synflood 22.214.171.124 90 192.168.1.15 80 2000
how to i know netfilter is droped the synflood ??