Re: netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Roland Dobbins
On Oct 8, 2014, at 10:24 PM, Paige Thompson wrote: > Re pp: 30-36 I think I catch your drift (ie: using cisco netflow to detect a > synflood?) but would you care to summarize just in case because > I am not this savvy, but would like to understand. Yes, you can do that - there are plenty of op

Re: netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Paige Thompson
On 10/08/14 17:54, Roland Dobbins wrote: > On Oct 8, 2014, at 9:43 PM, Paige Thompson wrote: > >> Any thoughts on this are appreciated, > > > pp. 30-36. > >

RE: netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Thijs Stuurman
AE 3402 and PCI DSS certified. -Original message- From: Paige Thompson [mailto:paigead...@gmail.com] Sent: Wednesday, October 8, 2014 5:14 PM To: Thijs Stuurman; Nanog Subject: Re: netfilter/iptables synproxy; need help deciding On 10/08/14 18:06, Thijs Stuurman wrote:

RE: netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Thijs Stuurman
ables synproxy; need help deciding Hi, I guess syncookies wasn't enough and the SYNPROXY target is a relatively new addition to netfilter. If I remember correctly this has been a part of BSD PF for quite some time and is pretty easy to get up and working. I recently tried to set this up on

Re: netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Paige Thompson
ww.is.nl | KvK Hoorn 36049256 > > IS Group is ISO 9001:2008, ISO/IEC 27001:2005, > ISO 20.000-1:2005, ISAE 3402 and PCI DSS certified. > > -Original message- > From: NANOG [mailto:nanog-boun...@nanog.org] On behalf of Paige Thompson > Sent: Wednesday, October 8, 2014 4:

RE: netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Thijs Stuurman
From: NANOG [mailto:nanog-boun...@nanog.org] On behalf of Paige Thompson Sent: Wednesday, October 8, 2014 4:51 PM To: Nanog Subject: netfilter/iptables synproxy; need help deciding Hi, I guess syncookies wasn't enough and the SYNPROXY target is a relatively new addition to netfilter. If I remembe

Re: netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Roland Dobbins
On Oct 8, 2014, at 9:43 PM, Paige Thompson wrote: > Any thoughts on this are appreciated, pp. 30-36. -- Roland D

netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Paige Thompson
Hi, I guess syncookies wasn't enough and the SYNPROXY target is a relatively new addition to netfilter. If I remember correctly this has been a part of BSD PF for quite some time and is pretty easy to get up and working. I recently tried to set this up on one of my gateways considering that it's j
