From: Yong, David (David.Yongtrw.com)
Date: Thu Aug 23 2001 - 16:55:01 CDT


    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    I don't think that rskill will help, because a SYN flood can be successful without a fully established connection. When a SYN flood comes, rskill sends RSTs, but it's too late because the SYNs are already there. rskill doesn't block the SYNs; it just fires back RSTs. That doesn't help if the attack doesn't intend to set up a full connection.

    -----Original Message-----
    From: Verne Baxter [mailto:VerneBSTCG.net]
    Sent: Wednesday, August 22, 2001 11:09 AM
    To: 'issforumiss.net'
    Subject: RealSecure 6.0 rskill question

    I have RealSecure set to kill SYNFlood attacks via rskill (which are
    tagged). At what phase of the connection attempt does this happen? The
    reason I ask is that we recently had a SYNFlood attack on our mail server.
    It was comprised of two attacks a minute apart from different IPs. One hit
    port 25 while the other hit port 110. The server had to be rebooted prior
    to SMTP functioning again. I am concerned that rskill may have been the
    problem either directly or because it did not kill the attacks soon enough?

    Verne Baxter
    Sierra Tel Internet
    vernebstcg.net
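
Added example, not part of the original thread or of RealSecure: since the flood discussed above never completes the handshake, one way to see it on the server is to count half-open (`SYN_RECV`) entries per listening port, here for the mail ports 25 and 110 from the question. The Linux `netstat -ant` column layout, the sample rows, and the threshold values are assumptions.

```python
"""Count half-open (SYN_RECV) TCP connections per local port from `netstat -ant` text."""
from collections import defaultdict

# Constructed sample in Linux `netstat -ant` layout; all addresses are documentation ranges.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:25           192.0.2.50:51522        ESTABLISHED
tcp        0      0 192.0.2.10:25           192.0.2.77:40110        SYN_RECV
tcp        0      0 192.0.2.10:25           198.51.100.7:41001      SYN_RECV
tcp        0      0 192.0.2.10:25           198.51.100.7:41002      SYN_RECV
tcp        0      0 192.0.2.10:25           198.51.100.7:41003      SYN_RECV
tcp        0      0 192.0.2.10:25           198.51.100.7:41004      SYN_RECV
tcp        0      0 192.0.2.10:110          203.0.113.9:52001       SYN_RECV
tcp        0      0 192.0.2.10:110          203.0.113.9:52002       SYN_RECV
tcp        0      0 192.0.2.10:110          203.0.113.9:52003       SYN_RECV
"""


def half_open_by_port(netstat_text):
    """Return {local_port: {"count": n, "sources": {remote_ip, ...}}} for SYN_RECV rows."""
    stats = defaultdict(lambda: {"count": 0, "sources": set()})
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and non-TCP rows.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, remote, state = fields[3], fields[4], fields[5]
        if state != "SYN_RECV":  # only handshakes that never completed
            continue
        port = int(local.rsplit(":", 1)[1])  # rsplit also copes with IPv6 "::1:25"
        stats[port]["count"] += 1
        stats[port]["sources"].add(remote.rsplit(":", 1)[0])
    return dict(stats)


def flooded_ports(netstat_text, threshold):
    """Ports whose half-open count reaches the (site-specific, assumed) threshold."""
    stats = half_open_by_port(netstat_text)
    return sorted(port for port, s in stats.items() if s["count"] >= threshold)


if __name__ == "__main__":
    for port, s in sorted(half_open_by_port(SAMPLE).items()):
        print(f"port {port}: {s['count']} half-open from {len(s['sources'])} source(s)")
    print("over threshold:", flooded_ports(SAMPLE, threshold=3))
```

On a live host the same functions can be fed the captured output of `netstat -ant`; a sensible threshold depends on the server's normal load and listen backlog.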