# Deactivated protections



## mystercoco (Apr 28, 2010)

Hello everybody,

I'm new in this forum.
I'm actually developing a tool which tests firewall protections like SYN flooding, UDP flooding, rule following.
For this test, 2 computers are on each side of the firewall and simulate a high quantity of other computers (clients, server...).
1 of the computers acts like a client and the other like a server.

The problem is actually on the server (running FreeBSD).
I'll need to deactivate all protections (SYN flooding, SYN response, UDP limit, buffer limit) of FreeBSD during the test (and may reactivate them to get results); the software analyses packets at a low level (promiscuous mode).
I found a way to increase some options with sysctl and loader.conf, but it's not enough to avoid loss of packets...

How can I temporarily remove all protections and analyses (TCP following, ICMP, UDP) of received packets from FreeBSD?

Thank you


----------



## anomie (Apr 28, 2010)

You're on the right track with investigating sysctl MIBs. Your test is going to be difficult because, IIRC, there are mechanisms baked into the kernel to harden the networking stack. I'm not sure whether all of them are dynamically modifiable. 

Not only that, I'd point out this is a pretty contrived test you're running. It seems like it would be most pertinent to do your testing on a host that was built with a _default_ install. Removing default security mechanisms is completely artificial.


----------



## mystercoco (Apr 29, 2010)

Thank you for your answer.
You're probably right, because I had the same problem on a Debian Linux; I tried to build my own kernel (for Linux), without success at the moment (I'm not an expert in home-built kernels).
I thought it could be possible with FreeBSD because it's mostly used for servers.
FreeBSD has a flood limit of 200 packets per second (detected on test). The firewall of FreeBSD is deactivated and I set a high number of connections and memory space in sysctl BUT the limit is still at 200 packets (both on UDP and TCP).
Is this limit built into the FreeBSD kernel?
If not, how can I remove it?


----------



## DutchDaemon (Apr 29, 2010)

Probably the net.inet.icmp.icmplim sysctl. See http://silverwraith.com/papers/freebsd-ddos.php for some more (old information, but most sysctls are still there in some form or another).


----------

