[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] syn flood iptables rule

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] syn flood iptables rule
From: lists@xxxxxxxxxxxxxxx
Date: Thu, 01 Apr 2021 20:52:06 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 Apr 2021 06:41:58 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=for-privacy.net; s=easymail; t=1617303130; bh=vY3srX0RKgDZFNlSCzv07QrNdClNxNL0K1QXYsVXBm8=; h=Date:From:To:Subject:In-Reply-To:References:From; b=k6p95cm4zJR2I09/9cSrUIIduCJyt3rbLALh+17hsL62+6wDlVcokD2KwYVCG0q4h xCi3LmzBYYbr53+cqtymSn8uP5A/2t2PQRRKPH2SHHjsl2Xv8kdOx9rIRXgqH19EZc zF1sTnl2AwJmlM6RueQcIj/hFmydeHTWezpdWgHXrDoG4p4Ndzr16YDh+P4I0ouqGV +N1TOXZbn1dwV/SsmEXBgDFDR/d6MAMQ7GwbtkfIoSYYG4HhBJS8xX1K9u+BKxGikb azTIqHDAgOZ5HzCnnOSlnUxpIk5OlsvvWZKI6PjGI1Hb2faDKsURZ+7M9ZLRI5TvQR 3K2xVDmqDe3mw==
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=for-privacy.net; s=easymail; t=1617303130; bh=vY3srX0RKgDZFNlSCzv07QrNdClNxNL0K1QXYsVXBm8=; h=Date:From:To:Subject:In-Reply-To:References:From; b=k6p95cm4zJR2I09/9cSrUIIduCJyt3rbLALh+17hsL62+6wDlVcokD2KwYVCG0q4h xCi3LmzBYYbr53+cqtymSn8uP5A/2t2PQRRKPH2SHHjsl2Xv8kdOx9rIRXgqH19EZc zF1sTnl2AwJmlM6RueQcIj/hFmydeHTWezpdWgHXrDoG4p4Ndzr16YDh+P4I0ouqGV +N1TOXZbn1dwV/SsmEXBgDFDR/d6MAMQ7GwbtkfIoSYYG4HhBJS8xX1K9u+BKxGikb azTIqHDAgOZ5HzCnnOSlnUxpIk5OlsvvWZKI6PjGI1Hb2faDKsURZ+7M9ZLRI5TvQR 3K2xVDmqDe3mw==
In-reply-to: <f4b88ab1-edb0-35ba-0382-c34a6a4bca4d@gmx.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays $exit, non-exit, bridge$" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <eace1eef-86e1-58df-9fd3-a10c24eeb412@gmx.de> <f4b88ab1-edb0-35ba-0382-c34a6a4bca4d@gmx.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.3.3

On 30.03.2021 19:46, Toralf Förster wrote:

On 2/22/21 3:27 PM, Toralf Förster wrote:

  # DDoS
$IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --set
  $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood
--update --seconds 60 --hitcount 10 -j DROP


just for the record:

In the emanwhile I do think that this idea was BS.

The reason is that if an advisory spoofs the sender address then this
eventually blocks the (spoofed) sender address thereby.

DDoS SYN flood attack are unfortunately very different and hard todefend against.


I recently found something: SYNPROXY
https://www.redhat.com/en/blog/mitigate-tcp-syn-flood-attacks-red-hat-enterprise-linux-7-beta#more-273

https://hakin9.org/syn-flood-attacks-how-to-protect-article/
at the bottom:

# iptables -t mangle -I PREROUTING -p tcp -m tcp --dport 80 -m state--state NEW -m tcpmss ! --mss 536:65535 -j DROP


Does anyone know the community services of Team Cymru?

Is that really free? That might be something for people with their ownASN like nifty.

https://team-cymru.com/community-services/utrs/

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] syn flood iptables rule
  - From: William Kane

Prev by Author: [tor-relays] Running a bridge via google cloud
Next by Author: Re: [tor-relays] OS Upgrade
Previous by thread: Re: [tor-relays] ipv6 ORPort + DIRPort too ?
Next by thread: Re: [tor-relays] syn flood iptables rule
Index(es):
- Author
- Thread