Jump to content

Template:Networking rutos manual firewall: Difference between revisions

Line 796: Line 796:
<b>SYN Flood Protection</b> allows you to protect yourself from attacks that exploit part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive. Essentially, with SYN flood DDOS, the offender sends TCP connection requests faster than the targeted machine can process them, causing network over-saturation.
<b>SYN Flood Protection</b> allows you to protect yourself from attacks that exploit part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive. Essentially, with SYN flood DDOS, the offender sends TCP connection requests faster than the targeted machine can process them, causing network over-saturation.


[[File:Networking_rutos_manual_firewall_attack_prevention_syn_flood_protection.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_firewall_attack_prevention_syn_flood_protection_v2.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 821: Line 821:
     <tr>
     <tr>
     <td>TCP SYN cookies</td>
     <td>TCP SYN cookies</td>
         <td>off | on; default: <b>off<b></b></td>
         <td>off | on; default: <b>on</b></td>
         <td>Enables the use of SYN cookies (particular choices of initial TCP sequence numbers by TCP servers)b</td>
         <td>Enables the use of SYN cookies (particular choices of initial TCP sequence numbers by TCP servers)b</td>
     </tr>
     </tr>