Differences

This shows you the differences between two versions of the page.

--- en:ddos_dos_synflood [2015/04/13 14:55] – translator1
+++ en:ddos_dos_synflood [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-SYN flood attack leads to lack of resources on its target system. Indeed, for each SYN packet the system has to allocate some memory resources, or to look up sessions lists, or to generate the specific SYN+ACK reply. The latest contains cryptographic cookie. This requires significant CPU resources. In all cases denial of service happens at incoming rate of SYN packets from 100,000 to 500,000 per second. Note that even 1Gb/s channel allows a hacker to send up to 1.5 million packets per second to the target site.
-SCAT implements the SYN flood protection as follows:
-  - Detects the attack by exceeding of SYN requests by unconfirmed clients
-  - Independently replies to SYN requests: instead of the protected site
-  - Arranges TCP session to the protected site after the confirmation of request by a client
-Configuration parameters of this protection:
-To switch the protection mode on and off (it is 0 by default, allows online modification)\\
-Acceptable values:\\
-- protection is off\\
-- protection is activated automatically\\
-- protection is always on\\
-<code>syncf_protection=1</code>
-IP or CIDR of the protected site:
-<code>syncf_ip=192.168.0.1</code>
-Port numbers to cover (it is 80 by default, can be modified online):
-<code>syncf_ports=80:443</code>
-The percent of unconfirmed client's requests to activate the protection (it is 5 by default, can be modified online):
-<code>syncf_unconfirmed_percent=1</code>

Profile

Settings

Differences