TCP连接的第一个包,非常小的一种数据包。SYN攻击包括大量此类的包,由于这些包看上去来自实际不存在的站点,因此无法有效进行处理。
下面是实际应用里用OpenBSD替换linux做防火墙的例子,至于原因,有兴趣的朋友下载了资料便知一二。
OpenBSD 5.0 PF and Syn attak
Enjoyed the story,
by the way CARP & pfsync seems right solution for us today.
2011/9/25 Eukasz Czarniecki <luqe@sanki.roteh.pl>
> W dniu 2011-09-25 17:50, Pui Edylie pisze:
> > Hi Everyone,
> >
> > I am trying to put a pair of OBSD box together to provide Syn, UDP and
> > ICMP flood protection with pretty graphs.
> >
> > May I know if anyone has accomplished this?
>
> Check this out:
>
> Bakeca.it DDoS: How Evil Forces Have Been Defeated
>
>
>
http://data.proidea.org.pl/confidence/5 ... e_2009.pdf
>
>
http://data.proidea.org.pl/confidence/5 ... silico.avi
直接下载那个PDF即可明白故事的原委了,我也下载了第二个链接的avi讲座,但是,个人认为这个avi看不看均可,因为....
