Nounou Dadoun
2016-05-25 19:28:45 UTC
Hi folks,
I'm interested in writing a security filter for existing applications to deal with SYN flood attacks and potentially other mischief.
In particular, I have an application that I would like to "protect" from crashing (I don't care if the filter crashes because I can keep restarting it) and I would like this filter to prescreen connections and then hand them to the application to process. I'm thinking that I could use some kind of exponential backoff to space a SYN flood to a manageable flow. (e.g. sleep for a certain period between handing off connects - 10ms, 20ms, 40ms, 80ms etc. with a backoff reset every full second that there are no outstanding requests or so - may need some tuning but you get the idea).
So my question is - how could Boost.Asio do this (without the knowledge or cooperation of the "protected" application), i.e. receive the incoming TCP connection, potentially wait a period of time and then hand it off to a separate application (potentially on a different machine) to process.
Note that this would be similar to a load-balancing application that might choose from among a number of available servers to hand off to process incoming requests.
Any suggestions or references as to how to go about this in Boost? The other possibility is to treat the filter process as a man in the middle but that's not my preference at this point.
Thanks in advance for any thoughts .. N
Nou Dadoun
Senior Firmware Developer, Security Specialist
Office: 604.629.5182 ext 2632
Support: 888.281.5182 | avigilon.com
_______________________________________________
asio-users mailing list
asio-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/asio-users
_______________________________________________
Using Asio? List your project at
http://think-async.com/Asio/WhoIsUsingAsio
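The pacing policy described in the post above (pauses of 10 ms, 20 ms, 40 ms, 80 ms between hand-offs, reset after a full second with nothing outstanding), as an added example that is not part of the original message or of Asio. It uses standard C++ only; the name `HandoffPacer`, the 640 ms cap on the pause and the bounded waiting queue are assumptions introduced here.

```cpp
#include <algorithm>
#include <chrono>
#include <cstddef>
#include <deque>

using ms = std::chrono::milliseconds;

struct Decision {
    bool accepted;   // false: too many connections already waiting, drop this one
    ms handoff_at;   // when to pass the connection to the protected application
};

// Policy from the post: the pause after each hand-off doubles (10, 20, 40, 80 ms ...)
// and resets after a full second with nothing outstanding.
// Assumptions added here: the pause is capped and the waiting queue is bounded.
class HandoffPacer {
public:
    explicit HandoffPacer(ms base = ms(10), ms cap = ms(640),
                          ms idle_reset = ms(1000), std::size_t max_pending = 64)
        : base_(base), cap_(cap), idle_reset_(idle_reset),
          max_pending_(max_pending), gap_(base), next_free_(ms(0)) {}

    // `arrival` is the accept time on a monotonic clock; calls must be in time order.
    Decision on_accept(ms arrival) {
        // Connections whose hand-off time has passed are no longer outstanding.
        while (!pending_.empty() && pending_.front() <= arrival) pending_.pop_front();
        // Nothing outstanding for a full second since the last hand-off: reset.
        if (pending_.empty() && handed_off_any_ && arrival - last_handoff_ >= idle_reset_) {
            gap_ = base_;
            next_free_ = arrival;
        }
        if (pending_.size() >= max_pending_) return {false, ms(0)};

        ms when = std::max(arrival, next_free_);
        if (when > arrival) pending_.push_back(when);  // has to wait its turn
        last_handoff_ = when;
        handed_off_any_ = true;
        next_free_ = when + gap_;            // pause that follows this hand-off
        gap_ = std::min(gap_ * 2, cap_);     // exponential growth, capped
        return {true, when};
    }

private:
    ms base_, cap_, idle_reset_;
    std::size_t max_pending_;
    ms gap_, next_free_, last_handoff_{0};
    bool handed_off_any_ = false;
    std::deque<ms> pending_;
};
```

In an Asio-based filter the returned `handoff_at` would be the expiry of a timer armed after `accept`, with the connection to the backend opened only when that timer fires.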