I’m currently working on a university assignment. I’m learning about firewalls and I need to configure IPTables on an Ubuntu machine to prevent a TCP SYN flood attack.
I understand that this type of attack consists of sending a server a great number of SYN requests without then following with an ACK after its SYN-ACK response, resulting in the server waiting and therefore wasting its resources.
Looking on the Internet I found this IPTables rule on multiple web sites:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
I cannot understand how this entry should prevent the attack. I’m interpreting it as “Drop any new TCP connection without a SYN flag.” Am I missing something?
Perhaps you could try to use the "unclean match" or "limit match" switch. e.g. iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT – Tech-IO – 2016-11-24T20:02:14.033
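To make concrete what the two rules on this page actually match, here is an added Python model (not code from the question or the comment) of the rule quoted in the question and the limit-match rule from the comment. The conntrack table, the NEW classification and the token-bucket parameters of `-m limit` are simplifying assumptions stated in the code comments.

```python
# Added example: a small model of how the two iptables rules quoted above classify
# TCP packets. Assumptions: a packet is conntrack "NEW" when no entry exists for
# its source; "-m limit --limit 1/s" is a token bucket with the default burst of 5.
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    flags: frozenset   # subset of {"SYN", "ACK", "FIN", "RST"}
    t: float           # arrival time in seconds

def is_syn(p):
    # iptables "--syn": SYN set, ACK/RST/FIN clear (first packet of a handshake)
    return "SYN" in p.flags and not (p.flags & {"ACK", "RST", "FIN"})

def rule_drop_new_non_syn(p, new):
    # "-p tcp ! --syn -m state --state NEW -j DROP" matches NEW packets that are
    # not a bare SYN; a flood of bare SYNs is therefore not matched by this rule.
    return new and not is_syn(p)

@dataclass
class Firewall:
    conns: set = field(default_factory=set)   # stand-in for the conntrack table
    tokens: float = 5.0                       # --limit-burst default (assumed)
    rate: float = 1.0                         # --limit 1/s
    last: float = 0.0

    def limit_ok(self, now):
        # token bucket: refill at `rate`, cap at the burst, consume one per match
        self.tokens = min(5.0, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

    def handle(self, p):
        new = p.src not in self.conns
        if rule_drop_new_non_syn(p, new):
            return "DROP"                     # rule from the question
        if is_syn(p):
            if self.limit_ok(p.t):            # rule from the comment (--syn -m limit)
                self.conns.add(p.src)
                return "ACCEPT"
            return "DROP"                     # assumed trailing "-p tcp --syn -j DROP"
        return "ACCEPT"                       # packet of an already-known connection

def run(packets):
    # Evaluate a constructed packet sequence and return the per-packet verdicts
    fw = Firewall()
    return [fw.handle(p) for p in packets]
```

Feeding `run()` eight bare SYNs from distinct sources at the same instant shows the first five accepted and the rest dropped by the limit rule, while a lone ACK from an unknown source is dropped by the question's rule.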