Date: Sun, 05 Jan 2003 13:20:58 -0800 From: Lars Eggert <larse@ISI.EDU> To: Josh Brooks <user@mail.econolodgetulsa.com> Cc: freebsd-net@freebsd.org Subject: Re: Need help dealing with (D)DoS attacks (desperately) Message-ID: <3E18A1BA.8000607@isi.edu> In-Reply-To: <20030105124644.Q80512-100000@mail.econolodgetulsa.com> References: <20030105124644.Q80512-100000@mail.econolodgetulsa.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On 1/5/2003 1:05 PM, Josh Brooks wrote:
>
> I am running this as my firewall/router:
>
> 4.4-RELEASE FreeBSD 4.4-RELEASE #0
>
> And I have no ability to change that anytime soon. Recently I have been
> having a lot of trouble with floods/ddos/etc. When these attacks occur,
> my firewall is totally unresponsive, I cannot ssh in to type a single
> command (and thus cannot tcpdump anything) and clients of systems on the
> inside either get no response, or get:
What processor and NICs do you use? This sounds like your machine is
being pushed into livelock, which shouldn't happen at the traffic load
you described (when you say "megs", do you mean Mb/s or MB/s?)
Complicated firewall rule sets also eat CPU time.
Lars
--
Lars Eggert <larse@isi.edu> USC Information Sciences Institute
[-- Attachment #2 --]
0 *H
01
0 +�0 *H
�� 080fErtcvE.0
*H
�01
0 UZA10U
Western Cape10U Cape Town10U
Thawte Consulting1(0&U
Certification Services Division1$0"UThawte Personal Freemail CA1+0) *H
personal-freemail@thawte.com0
000830000000Z
040827235959Z01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.3000
*H
��0�32c %E>nx'gڈD)c5*mp<ܮto034qmOe
KaU5u'rװ
|CBPQ<9TIf�- ki�N0L0)U
"0
0
10UPrivateLabel1-2970U
0�0
U
0
*H
��1KG]qSl]y=&b""I'{9$
*8PUl
LGl
X1B li+@]jy.%݊
Z<D&iHΥbb090%A0
*H
�01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.300
020824185339Z
030824185339Z0T10
UEggert1
0
U*Lars10U
Lars Eggert1
0 *H
larse@isi.edu0"0
*H
��0
�6Fxΰ7a
ED&0+Dj)ֽXCUcnleijmz~S0J
�jWV~ 1^({IݛLjӖ
ao:bP}WLVܱ욗cD
ɖ_Kv.A(W4
9;Z8-uXE
6b
@_0%#d`
Rto5 L0R`w@7
r Hcc U 3%7 N_o�V0T0*+e!0 �00L2uMyffBNUbNJJcdZ2s0U
0
larse@isi.edu0
U
0�0
*H
��]Ȕ,fK<
cj
RZeLa
n@Z6,=
fK?yO#8+
Ni*LSfpQg
<(aӒ$kTx_AL1>ގ|S090%A0
*H
�01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.300
020824185339Z
030824185339Z0T10
UEggert1
0
U*Lars10U
Lars Eggert1
0 *H
larse@isi.edu0"0
*H
��0
�6Fxΰ7a
ED&0+Dj)ֽXCUcnleijmz~S0J
�jWV~ 1^({IݛLjӖ
ao:bP}WLVܱ욗cD
ɖ_Kv.A(W4
9;Z8-uXE
6b
@_0%#d`
Rto5 L0R`w@7
r Hcc U 3%7 N_o�V0T0*+e!0 �00L2uMyffBNUbNJJcdZ2s0U
0
larse@isi.edu0
U
0�0
*H
��]Ȕ,fK<
cj
RZeLa
n@Z6,=
fK?yO#8+
Ni*LSfpQg
<(aӒ$kTx_AL1>ގ|S10001
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30%A0 +�0 *H
1
*H
0
*H
1
030105212058Z0# *H
1K`PB#fC
0R *H
1E0C0
*H
0*H
�0
*H
@0+0
*H
(0 +71001
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30%A0
*H
101
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30%A0
*H
��^un1*HE:PbE8'H|Ϻ5A c!r;
<9{z^\' ZO!0ykFX
.Z/Mg%+u-}vLx
ڲTS
Y5댤!ĎY>y
ty
s]
Ϯ>~eQ'
&xUQoqGD\nbƽCoiN~W k=|1
OY������
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E18A1BA.8000607>