linux
louvremaster, 2016-12-15 13:09:18

How to block a packet with certain mss, wscale, win?

They flood with these packets:
03:30:52.656972 IP XXX.XXXX.XXX.XXX.33392 > YYY.YYY.YYY.YYY.80: Flags [S], seq 3759734784, win 8192, options [mss 1460,nop ,wscale 2,nop,nop,sackOK], length 0
Constantly the same mss, win, wscale, in general all options are the same.
Through iptables in the mangle table I can specify to block mss 1460, but the necessary things can fall under the block. The question is how to specify all the necessary TCP options for blocking? In theory, you can use u32, but how to generate this hash correctly?
Thank you.
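One way to generate the u32 expression asked about above, as an added example that is not part of the original thread. The function names are hypothetical, the rule assumes IPv4, `u32_match` is a simplified model of how the u32 match evaluates an expression, and the sample packet is constructed (documentation addresses, zero checksums).

```python
import re

KINDS = {"nop": (1, 1), "mss": (2, 4), "wscale": (3, 3), "sackOK": (4, 2)}  # name -> (kind, length)
IP_SKIP = "0>>22&0x3C@"  # IHL*4: move the offset to the start of the TCP header

def encode_options(opts):
    """[("mss", 1460), ("nop",), ...] -> option bytes as they appear on the wire."""
    out = b""
    for name, *val in opts:
        kind, length = KINDS[name]
        out += bytes([kind]) if length == 1 else bytes([kind, length])
        out += val[0].to_bytes(length - 2, "big") if val else b""
    if len(out) % 4:
        raise ValueError("options must fill whole 32-bit words")
    return out

def u32_expr(window, opts):
    raw = encode_options(opts)
    tests = ["12>>28=%d" % (5 + len(raw) // 4),  # data offset pins the option length
             "12&0xFFFF=%d" % window]            # low 16 bits of TCP word 12 = window
    tests += ["%d=0x%08x" % (20 + i, int.from_bytes(raw[i:i + 4], "big"))
              for i in range(0, len(raw), 4)]
    # xt_u32 starts every test at offset 0, so each test repeats the IP skip
    return "&&".join(IP_SKIP + t for t in tests)

def u32_match(expr, pkt):
    """Evaluate an '='-only u32 expression over raw IPv4 packet bytes."""
    for test in expr.split("&&"):
        loc, want = test.split("=")
        tok = re.findall(r"0x[0-9a-fA-F]+|\d+|>>|<<|&|@", loc)
        at, val = 0, int.from_bytes(pkt[int(tok[0], 0):][:4], "big")
        for op, num in zip(tok[1::2], tok[2::2]):
            n = int(num, 0)
            if op == "@":  # jump: the value so far becomes the new base offset
                at += val
                if at + n + 4 > len(pkt):
                    return False  # a read past the end never matches
                val = int.from_bytes(pkt[at + n:at + n + 4], "big")
            else:
                val = {"&": val & n, ">>": val >> n, "<<": (val << n) & 0xFFFFFFFF}[op]
        if val != int(want, 0):
            return False
    return True

FLOOD = [("mss", 1460), ("nop",), ("wscale", 2), ("nop",), ("nop",), ("sackOK",)]
EXPR = u32_expr(8192, FLOOD)
# Constructed sample SYN: IPv4 header, TCP header (win 8192, data offset 8), options
SAMPLE = bytes.fromhex("45000034 00004000 80060000 c0000201 c6336401"
                       "82700050 e0190000 00000000 80022000 00000000") + encode_options(FLOOD)
print('iptables -A INPUT -p tcp --syn --dport 80 -m u32 --u32 "%s" -j DROP' % EXPR)
```

The generated rule matches every SYN with this exact window and option layout, legitimate clients included, so watch the rule's packet counters with a non-dropping target before switching it to DROP.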

5 answer(s)
theg4sh, 2016-12-16
@theg4sh

Are you sure that this is really a SYN flood and after that ACK packets do not come from the same IP addresses?
Looks like a normal connection start. Could you give a more detailed example of the tcpdump log, for example, one IP at a time?
A little on the topic:
https://en.wikipedia.org/wiki/SYN_flood
https://www.cyberciti.biz/tips/howto-limit-linux-s...

Konstantin Tsvetkov, 2017-04-29
@tsklab

Which video card to choose?
The year of manufacture that matches your computer.

Jacob E, 2017-04-29
@Zifix

First, you need to buy more memory. Secondly, what is the budget?

nfire, 2017-04-29
@nfire

Offhand 1060 will do.
You would like more memory, at least 4.

Mnab, 2017-05-04
@Mnab

I like what you like
