From owner-freebsd-questions@FreeBSD.ORG Tue Jul 19 15:14:29 2005
Date: Tue, 19 Jul 2005 11:14:11 -0400
From: Hornet
To: freebsd-questions@freebsd.org
Cc: vladone
Subject: Re: DoS prevention .Sysctl parameters to prevent this?
In-Reply-To: <44ll42j2ey.fsf@be-well.ilk.org>
References: <1188328635.20050718140416@spaingsm.com> <44ll42j2ey.fsf@be-well.ilk.org>

On 19 Jul 2005 10:28:21 -0400, Lowell Gilbert wrote:
> vladone writes:
>
> > Recently I had a FreeBSD gateway that went down due to a DoS attack.
> > I don't know exactly what it is (I don't have experience), but it would be useful if
> > someone with more experience can give some parameters for sysctl to prevent
> > DoS and flood problems.
> > Or perhaps with ipfw rules.
> > Any help will be appreciated!
>
> The question is too general.  Every resource that is consumed by
> incoming traffic is potentially subject to a denial-of-service
> attack.

> Furthermore, most denial-of-service attacks are actually
> using up your incoming bandwidth, so there isn't much you can do on
> your machine after those packets have already traversed your incoming
> link.

You hit the nail on the head.
Really the best thing you can do is have a tight firewall, netflow samples of your in/out data, and some cool scriptage to figure out if something is happening (and I'm talking about more than just some pretty graphs). Then call your ISP to block the hosts.
Now if this is a DDoS and it is from a well-built network, pretty much you will have to have the ISP null your host or network until it subsides.

> See the manual for security(7), and see if that gives you a good start.
>
> --
> Lowell Gilbert, embedded/networking software engineer, Boston area
> http://be-well.ilk.org/~lowell/
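
The "scriptage" over flow samples suggested in the reply above could look like the following. This is an added example, not part of the original post: the CSV record layout, the thresholds and the function names are assumptions, and the flow records are constructed.

```python
import csv
import io
from collections import Counter, defaultdict
from statistics import median

# Constructed flow samples (assumed CSV layout: epoch,src,dst,proto,packets,bytes).
SAMPLE = """\
605,198.51.100.7,192.0.2.10,tcp,40,24000
630,198.51.100.8,192.0.2.10,tcp,30,18000
665,198.51.100.7,192.0.2.10,tcp,60,36000
725,198.51.100.8,192.0.2.10,tcp,45,27000
781,203.0.113.5,192.0.2.10,udp,9000,540000
790,203.0.113.6,192.0.2.10,udp,6000,360000
802,203.0.113.7,192.0.2.10,udp,2900,174000
815,198.51.100.7,192.0.2.10,tcp,40,24000
845,198.51.100.7,192.0.2.10,tcp,55,33000
610,198.51.100.50,192.0.2.20,tcp,6000,6000000
670,198.51.100.50,192.0.2.20,tcp,6100,6100000
790,198.51.100.50,192.0.2.20,tcp,5900,5900000
"""

def load_flows(text):
    """Parse the assumed CSV export into typed tuples."""
    for ts, src, dst, proto, pkts, octets in csv.reader(io.StringIO(text)):
        yield int(ts), src, dst, proto, int(pkts), int(octets)

def detect_floods(flows, window=60, factor=10, floor_pps=50, top_n=3):
    """Flag (dst, window) buckets far above that destination's own median."""
    per_bucket = defaultdict(Counter)  # (dst, window_start) -> packets per source
    for ts, src, dst, _proto, pkts, _octets in flows:
        per_bucket[(dst, ts - ts % window)][src] += pkts
    totals_by_dst = defaultdict(list)
    for (dst, _start), srcs in per_bucket.items():
        totals_by_dst[dst].append(sum(srcs.values()))
    alerts = []
    for dst, start in sorted(per_bucket):
        srcs = per_bucket[(dst, start)]
        total = sum(srcs.values())
        pps = total / window
        # A busy but steady host stays quiet; only a jump over its baseline alerts.
        if pps >= floor_pps and total > factor * median(totals_by_dst[dst]):
            alerts.append({"dst": dst, "window_start": start, "pps": round(pps, 1),
                           "sources": len(srcs),
                           "top_sources": [ip for ip, _ in srcs.most_common(top_n)]})
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(load_flows(SAMPLE)):
        print(alert)
```

The `top_sources` list in each alert is the set of hosts to hand to the ISP for blocking; when `sources` is very large, the list stops being useful and a null route at the ISP is the remaining option, as the reply says.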