I still don't understand this SYN attack, but now I can block it easily
8 days ago
- #iptables
- #SYN attack
- #network security
- The author has been experiencing SYN attacks for six years, now originating from Brazilian IP addresses.
- The attacks involve up to 100 SYN state connections to the web server, but they don't significantly affect performance.
- To block the attacks, the author used iptables to log matches and analyzed the traffic.
- Noticing unusually high TTL values (above 99) in the SYN packets, the author blocked connections with TTL greater than 70.
- The solution successfully blocked over 171,000 connections without disrupting normal services.
- The author later realized that Microsoft Windows uses a TTL of 128, which might explain the high TTL values.
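The TTL analysis summarized above, as an added example that is not from the original post: the iptables rules in the comments and the log prefix are assumptions, and the log lines are constructed and abridged. It histograms the TTL of logged SYNs, guesses each sender's initial TTL, and counts what a `--ttl-gt 70` match would catch.

```shell
#!/bin/sh
# Assumed rules (not shown on the page; the log prefix is made up):
#   iptables -I INPUT -p tcp --syn -j LOG --log-prefix "SYN-IN: "
#   iptables -I INPUT -p tcp --syn -m ttl --ttl-gt 70 -j DROP

# Constructed, abridged LOG output; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
kernel: SYN-IN: IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.1 LEN=52 TTL=115 PROTO=TCP SPT=40001 DPT=443 RES=0x00 SYN URGP=0
kernel: SYN-IN: IN=eth0 OUT= SRC=203.0.113.11 DST=192.0.2.1 LEN=52 TTL=115 PROTO=TCP SPT=40002 DPT=443 RES=0x00 SYN URGP=0
kernel: SYN-IN: IN=eth0 OUT= SRC=203.0.113.12 DST=192.0.2.1 LEN=52 TTL=115 PROTO=TCP SPT=40003 DPT=443 RES=0x00 SYN URGP=0
kernel: SYN-IN: IN=eth0 OUT= SRC=203.0.113.13 DST=192.0.2.1 LEN=52 TTL=109 PROTO=TCP SPT=40004 DPT=443 RES=0x00 SYN URGP=0
kernel: SYN-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=51000 DPT=443 RES=0x00 SYN URGP=0
kernel: SYN-IN: IN=eth0 OUT= SRC=198.51.100.8 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=51001 DPT=443 RES=0x00 SYN URGP=0
kernel: SYN-IN: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=60 TTL=56 PROTO=TCP SPT=51002 DPT=443 RES=0x00 SYN URGP=0
kernel: SYN-IN: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=60 TTL=56 PROTO=TCP SPT=51002 DPT=443 RES=0x00 ACK SYN URGP=0
EOF
}

# Emit the TTL of every pure SYN (lines with the ACK flag are skipped).
syn_ttls() {
  awk '/ SYN / && !/ ACK / {
         for (i = 1; i <= NF; i++)
           if ($i ~ /^TTL=[0-9]+$/) print substr($i, 5)
       }'
}

# Histogram lines: "count ttl initial hops". "initial" assumes the sender
# started from a common default of 64, 128 or 255.
ttl_report() {
  syn_ttls | sort -n | uniq -c | awk '{
    ttl = $2 + 0
    init = (ttl <= 64) ? 64 : (ttl <= 128) ? 128 : 255
    print $1 + 0, ttl, init, init - ttl
  }'
}

# Count the SYNs that a "--ttl-gt $1" match would catch.
matched_by_threshold() {
  syn_ttls | awk -v thr="$1" '$1 + 0 > thr + 0 { n++ } END { print n + 0 }'
}

sample_log | ttl_report
echo "SYNs with TTL > 70: $(sample_log | matched_by_threshold 70)"
```

A sender that starts at TTL 128 arrives above 70 unless it is 58 or more hops away, so run the report against known-good traffic before applying the threshold.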