Warning: malicious use of SYN-flood is punishable by law.
I needed to check the SYN-Defense (TM) feature of Foundry's SI450. In order to do so I had to generate a SYN flood somehow. It can be done with hping:
hping --faster -S <dst. host>
The problem is that when the SI replies with a SYN/ACK packet back to my server, my server answers it with RST: hping is not expecting any replies back, so nothing is listening and the kernel rejects the SYN/ACK. The ServerIron then terminates the session immediately, not letting the SYN-Defense feature kick in. I had to block outgoing packets with the RST flag set and destined to the dst. host above. Iptables to the rescue:
iptables -A OUTPUT -p tcp -d <dst. host> -m tcp --tcp-flags SYN,ACK,FIN,RST RST -j DROP
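The following is an added example, not code from the original post: a small replay of the exchange described above from the defender's side, i.e. what a SYN-defense mechanism sees. It tracks half-open connections (a SYN answered by SYN/ACK that the client has neither ACKed nor reset) per source address, using a constructed packet trace; the addresses 10.0.0.1 and 10.0.0.2 and the threshold values are assumptions. With the client's RSTs flowing, every half-open entry is torn down at once and the count never climbs, which is exactly why the iptables rule is needed before the feature can trigger; with the RSTs dropped, the count grows with each SYN.

```python
from collections import defaultdict

# Constructed addresses (not from the post): CLIENT is the box running hping,
# SERVER stands in for the ServerIron-protected host.
CLIENT = "10.0.0.2"
SERVER = "10.0.0.1"


def build_trace(n_syn, rst_leaks):
    """Build a constructed packet trace of n_syn handshake attempts.

    Each record is (src, sport, dst, dport, flags). With rst_leaks=True the
    client's kernel answers every SYN/ACK with RST, as happens before the
    iptables rule is in place; with rst_leaks=False the RSTs are dropped and
    the SYN/ACKs stay unanswered.
    """
    trace = []
    for i in range(n_syn):
        sport = 40000 + i
        trace.append((CLIENT, sport, SERVER, 80, {"SYN"}))
        trace.append((SERVER, 80, CLIENT, sport, {"SYN", "ACK"}))
        if rst_leaks:
            trace.append((CLIENT, sport, SERVER, 80, {"RST"}))
    return trace


def half_open_peaks(trace):
    """Replay a trace and return the peak number of half-open connections per source.

    A connection becomes half-open when the server has answered a SYN with
    SYN/ACK, and is removed when the client either completes the handshake
    (ACK without SYN) or tears it down (RST). This backlog of unanswered
    SYN/ACKs is the state a SYN-defense mechanism watches.
    """
    half_open = set()                 # (client, sport) while SYN/ACK is unanswered
    per_source = defaultdict(int)     # current half-open count per client address
    peak = defaultdict(int)           # highest count seen per client address
    for src, sport, dst, dport, flags in trace:
        if "SYN" in flags and "ACK" in flags:
            key = (dst, dport)        # the server's SYN/ACK names the client side
            if key not in half_open:
                half_open.add(key)
                per_source[dst] += 1
                peak[dst] = max(peak[dst], per_source[dst])
        elif "RST" in flags or ("ACK" in flags and "SYN" not in flags):
            key = (src, sport)        # client's ACK or RST closes its own entry
            if key in half_open:
                half_open.discard(key)
                per_source[src] -= 1
    return dict(peak)


def sources_over_threshold(trace, threshold):
    """Return the client addresses whose half-open backlog reached the threshold."""
    return sorted(s for s, p in half_open_peaks(trace).items() if p >= threshold)


if __name__ == "__main__":
    leaking = build_trace(50, rst_leaks=True)
    blocked = build_trace(50, rst_leaks=False)
    print("RSTs leaking, peak half-open:", half_open_peaks(leaking))
    print("RSTs blocked, peak half-open:", half_open_peaks(blocked))
    print("flagged at threshold 20:", sources_over_threshold(blocked, 20))
```

The same replay can be pointed at a real capture by replacing build_trace with a parser that emits the same (src, sport, dst, dport, flags) tuples; the detection logic does not change.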
Enjoy