SYN flooding
Erdal MUTLU
emutlu@fonts.de
Mon, 4 Mar 2002 10:31:37 +0100
Hello,
Last Friday I installed a RedHat 7.2 with ext3 file system, custom 2.4.18
firewall and iptables-1.2.5. The server is a squid cache. When I try to use
it as an HTTP proxy I get a lot of SYN flood in my log file.
$ipt --new-chain syn-flood
$ipt --append syn-flood --match limit --limit 1/s --limit-burst 4 --jump RETURN
$ipt --append syn-flood --jump LOG --log-prefix "$fw SYNFLOOD:"
$ipt --append syn-flood --jump DROP
......
$ipt --append INPUT -i eth0 --protocol tcp --syn --jump syn-flood
$ipt --append INPUT -ieth0 --protocol tcp --syn --jump syn-flood
I have RedHat 7.1 with ext2 with 3 interface cards and with the same rule, and
it works perfectly.
I changed the Intel pro100 NIC to a 3c905C-TX without success.
What can be the cause of the problem?
Best regards.
Erdal MUTLU
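
Added example, not part of the original post: a simplified token-bucket model of the syn-flood chain's "--limit 1/s --limit-burst 4" rule, run over constructed SYN arrival times to show how many connection attempts go back to INPUT and how many are logged and dropped. The function names, the milli-token credit unit and the traffic samples are assumptions made for illustration.

```python
# Simplified model of the syn-flood chain: the limit match is a token bucket
# shared by every SYN that reaches the rule, whatever its source address.
COST = 1000  # credit consumed by one matching packet (milli-tokens, assumed unit)

def classify_syns(arrivals_ms, rate_per_s=1, burst=4):
    """Return a verdict for each SYN arrival time (integer ms, ascending)."""
    credit = burst * COST          # the bucket starts full (--limit-burst 4)
    last = None
    verdicts = []
    for t in arrivals_ms:
        if last is not None:
            # Refill: rate_per_s tokens per second = rate_per_s milli-tokens per ms
            credit = min(burst * COST, credit + (t - last) * rate_per_s)
        last = t
        if credit >= COST:
            credit -= COST
            verdicts.append("RETURN")    # limit rule matches, back to INPUT
        else:
            verdicts.append("LOG+DROP")  # falls through to the LOG and DROP rules
    return verdicts

def summarize(arrivals_ms):
    """Count (returned, logged_and_dropped) for a list of arrival times."""
    v = classify_syns(arrivals_ms)
    return v.count("RETURN"), v.count("LOG+DROP")

# Constructed arrival times, not captured traffic.
QUIET = [i * 2000 for i in range(10)]   # one SYN every 2 s
BUSY = [i * 100 for i in range(100)]    # 10 SYN/s for 10 s
PARALLEL = [0, 0, 0, 0, 0, 0]           # one client opening 6 connections at once

if __name__ == "__main__":
    for name, arr in (("quiet", QUIET), ("busy", BUSY), ("parallel", PARALLEL)):
        passed, dropped = summarize(arr)
        print(f"{name:9s} passed={passed:3d} logged+dropped={dropped:3d}")
```

In this model any sustained rate above one new connection per second, from all clients combined, ends up in the LOG and DROP rules once the burst of 4 is used up.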