NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 2004-02

RE: [Freebsd-security] Re: IPFIREWALL

From: Remko Lodder (remkoelvandar.org)
Date: Sat Feb 07 2004 - 05:02:19 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I dont think you can deny all ddos against your box, you will need help from
your isp.
That is because if a person sends you enough packets, like 1mbit (and your
line is 1mbit)
full of packets, your connection is stuck, whether you filter or not.
Though you can mitigate those by closing all non needed ports, log them if
any attempt is being
made to connect to them, and use a bogon list which filters out traffic that
come from
unused ip-ranges. Note that DDOS not only happends due icmp, but can also
means attacking TCP/UDP
and other protocols as well.

I don't know how it is done by IPFW, but iptables can limit syn connections
(again i don't know
how it's done since i dont have any experience with it, but it can do it)

Also you can use stuff like snmp for example to monitor traffic in
combination with mrtg that is
a good start.

Hope it helped you a little,

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene

-----Oorspronkelijk bericht-----
Van: freebsd-security-bounceslists.elvandar.org
[mailto:freebsd-security-bounceslists.elvandar.org]Namens Spades
Verzonden: zaterdag 7 februari 2004 7:29
Aan: freebsd-securityfreebsd.org
Onderwerp: [Freebsd-security] Re: IPFIREWALL

Heya,

lately my freebsd connection is being slow'd down after
it got ddos by some kiddies, and i got this feeling it is
still being packetted by in small amt cos i can feel a
constant lag. i have ipfw running and denied all icmp

Any idea how i can secure my box against all ddos
and prevent syn or other kind of floods? anyway to
monitor packets as well?

Thanks & regards.
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
_______________________________________________
Freebsd-security mailing list
Freebsd-securitylists.elvandar.org
http://lists.elvandar.org/mailman/listinfo/freebsd-security

_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]