Date: Tue, 16 Jul 2002 03:13:43 +0000
From: "zhang jack" <jack_zhangcl@hotmail.com>
To: bvi@itouchlabs.com
Cc: security@FreeBSD.ORG
Subject: Re: syncache testing
Message-ID: <F215tnrAIaAWFfrs3OU00015a52@hotmail.com>
Thank you, Barry.
I will try it just now.

Jack Zhang

>From: Barry Irwin <bvi@itouchlabs.com>
>To: zhang jack <jack_zhangcl@hotmail.com>
>CC: security@FreeBSD.ORG
>Subject: Re: syncache testing
>Date: Tue, 16 Jul 2002 05:15:13 +0200
>
>
>Yes, I make use of ipfw and the separate NAT daemon, however. Given it some
>more thought and I'm not sure if this would work as expected (would be very
>nice if it does, looking forward to the outcomes of your testing).
>
>The second method I suggested will work as the packets are being processed
>by the local host, however you have an additional software component and
>load on the gateway/firewall. This should work for beefing up the security of
>your web servers if you then firewalled them from connecting to anywhere but
>their local subnet, as all the Internet-facing communication is via the
>reverse proxy.
>
>Barry
>
>On Tue 2002-07-16 (02:58), zhang jack wrote:
> >
> > Thanks for your reply.
> > I have used Ipfilter, did you mean using port redirecting?
> > rdr fxp0 210.96.1.1 port 80 -> 192.168.1.1 port 80
> > Can it pass through syncache? I know Ipfilter hooks the packets
> > at the IP level.
> >
> >
> > >From: Barry Irwin <bvi@itouchlabs.com>
> > >To: zhang jack <jack_zhangcl@hotmail.com>
> > >CC: security@FreeBSD.ORG
> > >Subject: Re: syncache testing
> > >Date: Tue, 16 Jul 2002 04:42:12 +0200
> > >
> > >Hi
> > >
> > >I'm not overly familiar with the syncache code, but you _may_ be able to
> > >make use of the syncache mitigation by having your server sitting behind the
> > >BSD box, with traffic being natted. A solution that may work better is to
> > >have a reverse proxy of sorts running on the BSD system which proxies
> > >requests to your webservers.
> > >
> > >Barry
> > >
> > >
> > >On Tue 2002-07-16 (02:24), zhang jack wrote:
> > > >
> > > > Hi,
> > > > I am testing syncache on FreeBSD 4.6 stable, and it works fine,
> > > > but I found it *only* protects against syn flooding of itself, can it act
> > > > as a gateway (or firewall) to protect my www server?
> > > > Can anyone help me?
> > >
> > >--
> > >Barry Irwin bvi@itouchlabs.com +27214875177
> > >Systems Administrator: Networks And Security
> > >iTouch TAS http://www.itouchlabs.com South Africa
> > >
> >
> > _________________________________________________________________
> > Use the world's largest e-mail system, MSN Hotmail. http://www.hotmail.com/cn
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
>
>--
>Barry Irwin bvi@itouchlabs.com +27214875177
>Systems Administrator: Networks And Security
>iTouch TAS http://www.itouchlabs.com South Africa
>

_________________________________________________________________
Chat with your online friends using MSN Messenger: http://messenger.microsoft.com/cn/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
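
The reverse-proxy method discussed in the thread, as an added example that is not part of the original messages: a TCP relay for the gateway, where `accept()` hands over only connections whose handshake the gateway's own stack completed, so the backend is contacted only for those. The function names and the loopback bind address are assumptions made for the demonstration.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until EOF, then pass the half-close on."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass  # peer reset or socket already closed
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def serve_proxy(listener, backend_addr):
    """Accept loop for the gateway-side relay.

    accept() returns only connections whose three-way handshake the
    gateway's own TCP stack completed, so embryonic (SYN-only) connections
    are absorbed there and never cause a connect() to the backend.
    """
    while True:
        try:
            client, _ = listener.accept()
        except OSError:
            return  # listener was closed
        try:
            upstream = socket.create_connection(backend_addr, timeout=5)
        except OSError:
            client.close()  # backend down: drop this client, keep serving
            continue
        upstream.settimeout(None)
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=pump, args=(a, b), daemon=True).start()

def start_proxy(backend_addr, bind=("127.0.0.1", 0)):
    """Listen on `bind` (loopback, assumed for the demo) and relay to backend_addr."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(bind)
    listener.listen(128)
    threading.Thread(target=serve_proxy, args=(listener, backend_addr), daemon=True).start()
    return listener
```

Because every backend connection originates from the relay, the web servers can be firewalled to accept traffic from the gateway's address only.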