Penetration Testing mailing list archives
Re: [PEN-TEST] Any countermeasure for SYN-Flood to SunScreen Firewal
From: "Carter, Adam" <adam () JAFTAN COM AU>
Date: Wed, 24 Jan 2001 09:18:06 +1100
Currently my team has performed a SYN-Flood attack at one site, as part of the penetration test, that is running SunScreen EFS on SunOS 5.6. We performed the attack using TFN2K and managed to halt the server by using only one attack machine. (The throughput is around 300-500k.)
<snip>
Apart from using NIDS or configuring the router to provide SYN-Flood countermeasures (which is quite costly), is there something wrong with the above settings, or any other things that can be done at OS level to address this problem?
Perhaps I am misunderstanding the attack, but SYN flooding against the firewall will only work if you are allowing connections to the firewall. If you are not running VPN or smtp gateways or whatever on the firewall, then you should deny inbound connection attempts from all hosts except the management host(s).

IIRC SunScreen is just Checkpoint, so take a look at the implied rules, and manipulate them via the policy properties page.

If you do need to offer services from the firewall, try using the SYN-Defender (again in policy properties) and let us know how well it works ;-)

Adam