Date: Wed, 29 Mar 2000 14:09:32 +1000 (EST)
From: Rowan Crowe <rowan@sensation.net.au>
To: freebsd-isp@freebsd.org
Subject: Re: DoS attacks
Message-ID: <Pine.BSF.4.01.10003291358330.4598-100000@velvet.sensation.net.au>
In-Reply-To: <200003290333.NAA29456@peppermint.national.com.au>

On Wed, 29 Mar 2000, Enno Davids wrote:

> The real fix is for everyone to make sure their sites are secure. These
> attacks are all built on compromising other people's systems as platforms
> to launch the attack on third parties. The victim is attacked by systems
> which have themselves been hijacked to that purpose and hence the real fix
> is to prevent the hijacking to begin with.

I'll make a sweeping generalisation here...

Probably most of the people on this list are well aware of even basic
security issues and have their boxes reasonably secure. It's the people who
"click here to install Linux RH 5.1" that are the problem! :-( Not just
home users hanging off a 56k modem, either...

Getting every box secure would be even more difficult than something which
is already impossible - every ISP blocking spoofed packets and not
permitting them to reach the outside world.

On that note, here's a simple ipfw set of rules for a single IP block:

    ipfw a nnn deny log ip from x.x.x.x to any in via iface
    # disallow packets IN which have one of our IPs - external spoof

    ipfw a nnn allow ip from x.x.x.x to any out via iface
    # permit packets OUT which originate from one of our IPs - valid

    ipfw a nnn deny log ip from any to any out via iface
    # disallow packets OUT which *don't* originate from one of our IPs - internal spoof

Of course this will become much more complicated with more IP blocks,
multiple POPs, transit for other ISPs etc passing through.

I have rules similar to the above on both my transit and customer links (in
the latter case, the first rule is not used).

Cheers.

--
Rowan Crowe                           http://www.rowan.sensation.net.au/
Sensation Internet Services           http://info.sensation.net.au/
Melbourne, Australia                  Phone: +61-3-9388-9260

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
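
Added example (not part of Rowan Crowe's message): a shell function that prints the same three-rule pattern for several IP blocks, keeping every allow rule ahead of the single catch-all deny because ipfw stops at the first matching rule. The function name, mode names, interface name, rule numbers and prefixes (RFC 5737 documentation ranges) are constructed placeholders; the commands are only printed, not installed.

```shell
#!/bin/sh
# gen_antispoof IFACE BASE MODE PREFIX...   (hypothetical helper, added example)
#   MODE=transit  : emit the inbound "external spoof" deny rule per prefix
#   MODE=customer : omit that first rule, as the message does on customer links
# Prints ipfw commands to stdout so they can be reviewed before being applied.
gen_antispoof() {
    iface=$1; base=$2; mode=$3
    shift 3 || { echo "usage: gen_antispoof IFACE BASE MODE PREFIX..." >&2; return 1; }
    [ $# -gt 0 ] || { echo "gen_antispoof: no prefixes given" >&2; return 1; }
    case $mode in
        transit|customer) ;;
        *) echo "gen_antispoof: unknown mode: $mode" >&2; return 1 ;;
    esac
    # Reject anything that is not digits, dots and a slash before emitting
    # a single rule, so a typo never produces a half-built rule set.
    for p in "$@"; do
        case $p in
            ''|*[!0-9./]*) echo "gen_antispoof: bad prefix: $p" >&2; return 1 ;;
        esac
    done
    n=$base
    if [ "$mode" = transit ]; then
        # Packets arriving from outside must not claim one of our addresses.
        for p in "$@"; do
            echo "ipfw add $n deny log ip from $p to any in via $iface"
            n=$((n + 1))
        done
    fi
    # Packets leaving with one of our source addresses are valid.
    for p in "$@"; do
        echo "ipfw add $n allow ip from $p to any out via $iface"
        n=$((n + 1))
    done
    # Catch-all goes last: anything else leaving has a spoofed source.
    echo "ipfw add $n deny log ip from any to any out via $iface"
}

# Constructed sample: two blocks on a transit link, one on a customer link.
gen_antispoof fxp0 1000 transit 192.0.2.0/24 198.51.100.0/24
gen_antispoof fxp1 2000 customer 203.0.113.0/24
```
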