Not necessarily.... DoS isn't just filling a pipe... ;)Quote:
the pipe is still full and the DoS is still effective.
Printable View
Not necessarily.... DoS isn't just filling a pipe... ;)Quote:
the pipe is still full and the DoS is still effective.
Of course it isn't... But enabling syncookies for example is not going to completely alleviate the effects of a syn flood. You still have to deal with the loss of bandwith. And on what is most likely a 3 meg line at most.... THis could be considerable. SOmeone is obviously after him for some reason.
This is why I suggest talking to the provider. If you can take care of the attack upstream via some sort of filter....
DoS can be caused by a system issue.... It's not all about filling a pipe... a DDoS is but a DoS is a denial of service... There's other ways of denying service than just filling a pipe....
MadAxe, may I suggest you build yourself a Linux gateway and implement IPtables? There are tons of resources and HOWTO's out there that will help you understand the basics. Then there are a plethora of home-grown scripts that allow you to do traffic shaping, QoS, rate-limiting and SYN protection. You could grab any Pentium class machine and add two NIC cards and enable IP forwarding through the IPtables firewall. With this design you will not only have more flexibility on stopping the attacks but you'll learn some kick-ass networking skills too :cool:
The existing hardware can be attached like so:
---- INTERNET -----
|
|
LINUX
FIREWALL
|
|
LINKSYS (RTR / SWITCH / WIFI)
| \
| \
PC PC
Here are some great resources:
- FrozenTux IPTables Tutorial
- Clarke Connect Home Edition (this baby runs off a CD, has Intrusion Prevention, Anti-Spam, VPN, Content Filtering and a Firewall)
- Lutewall is really cool and easy to use too...
Finally, search AntiOnline for some of the members' tutorials on building a firewall as they are very helpful as well.
Hope this helps you in dealing with your problem.