From: Lowell Gilbert
To: vladone
Cc: freebsd-questions@freebsd.org
Subject: Re: DoS prevention .Sysctl parameters to prevent this?
Date: 19 Jul 2005 10:28:21 -0400
Message-ID: <44ll42j2ey.fsf@be-well.ilk.org>
In-Reply-To: <1188328635.20050718140416@spaingsm.com>
References: <1188328635.20050718140416@spaingsm.com>

vladone writes:

> Recently I had a FreeBSD gateway go down due to a DoS attack.
> I don't know exactly what it is (I don't have experience), but it would be
> useful if someone with more experience could give some parameters for
> sysctl to prevent DoS and flood problems.
> Or perhaps with ipfw rules.
> Any help will be appreciated!

The question is too general. Every resource that is consumed by
incoming traffic is potentially subject to a denial-of-service
attack. Furthermore, most denial-of-service attacks are actually
using up your incoming bandwidth, so there isn't much you can do on
your machine after those packets have already traversed your
incoming link.

See the manual for security(7), and see if that gives you a good
start.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/