Date: Mon, 24 May 1999 10:03:38 -0600 From: Brett Glass <brett@lariat.org> To: Poul-Henning Kamp <phk@critter.freebsd.dk>, Michael Richards <026809r@dragon.acadiau.ca> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Denial of service attack from "imagelock.com" Message-ID: <4.2.0.37.19990524100208.04727460@localhost> In-Reply-To: <11146.927527966@critter.freebsd.dk> References: <Your message of "Mon, 24 May 1999 02:00:12 -0300." <Pine.GSO.4.05.9905240157240.20631-100000@dragon>
next in thread | previous in thread | raw e-mail | index | archive | help
I like this idea. BUT.... You'll still get their SYNs and use up kernel memory. (Only the OUTBOUND packets will disappear into a black hole.) memory for awhile. Any way to filter the incoming ones without installing a full-up firewall? --Brett At 08:39 AM 5/24/99 +0200, Poul-Henning Kamp wrote: >In message <Pine.GSO.4.05.9905240157240.20631-100000@dragon>, Michael Richards >writes: > >On Sun, 23 May 1999, Brett Glass wrote: > > > >> The Webmasters on this list may want to look over their logs to see > >> if they've been hit and not known it. grep your logs for imagelock.com; > >> if you find that they're abusing your server, you may want to firewall > >I noticed we were hit by them this evening. 1250 requests in a few > >minutes. Since we're not running a firewall, is there a recommended method > >of filtering such people out? I think I did it with apache, but I'm > >wondering if there is a better method. > >Add a blackhole route to them: > > route add -net <IP> -netmask <MASK> 127.0.0.1 -blackhole > >-- >Poul-Henning Kamp FreeBSD coreteam member >phk@FreeBSD.ORG "Real hackers run -current on their laptop." >FreeBSD -- It will take a long time before progress goes too far! > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.37.19990524100208.04727460>