From owner-freebsd-questions@FreeBSD.ORG Wed Aug 27 18:18:29 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D64FE16A4BF for ; Wed, 27 Aug 2003 18:18:29 -0700 (PDT) Received: from mailgate.sri.com (mailgate.SRI.COM [128.18.243.11]) by mx1.FreeBSD.org (Postfix) with SMTP id B2A2343FBF for ; Wed, 27 Aug 2003 18:18:28 -0700 (PDT) (envelope-from hogsett@csl.sri.com) Received: (qmail 312 invoked from network); 28 Aug 2003 01:18:28 -0000 Received: from localhost (HELO mailgate.SRI.COM) (127.0.0.1) by mailgate.sri.com with SMTP; 28 Aug 2003 01:18:28 -0000 Received: from quarter.csl.sri.com ([130.107.1.30]) by mailgate.SRI.COM (SAVSMTP 3.1.0.29) with SMTP id M2003082718182723399 ; Wed, 27 Aug 2003 18:18:27 -0700 Received: from beast.csl.sri.com (beast.csl.sri.com [130.107.2.57]) by quarter.csl.sri.com (8.12.9/8.12.9) with ESMTP id h7S1IRFv004838; Wed, 27 Aug 2003 18:18:27 -0700 Message-Id: <200308280118.h7S1IRFv004838@quarter.csl.sri.com> To: "Jack L. Stone" In-Reply-To: Message from "Jack L. Stone" <3.0.5.32.20030827195021.01349e78@sage-one.net> Mime-Version: 1.0 (generated by tm-edit 8.8 (Time Passed Me By)) Content-Type: text/plain; charset=US-ASCII Date: Wed, 27 Aug 2003 18:18:27 -0700 From: Mike Hogsett cc: freebsd-questions@freebsd.org cc: ZaiD Dashti Subject: Re: how to stop the ddos ot dos attack ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 01:18:30 -0000 > >i got a DoS attack, how i can stop it ? > > > >note: > > i have a lan network in my home, and DSL connection which is connected > >to the > >hub direct, and i have 3 pc's. > > > >thanks > > > > I use a firewall which allows a block of DoS IPs from any to any.... also > can close ports easily. Plus, if you log, you can then monitor the further > attempts.... Unfortunately anything you do at the local end will not prevent bandwidth from being consumed on your link. Once it hits your local firewall to be dropped the traffic has already consumed bandwidth on your link. This may or may not be a concern. If the DOS is consuming a great deal of bandwidth than it probably is a concern and you may try contacting the abuse@ or other support addresses at your ISP and ask if they can filter this traffic before it hits your link. If you do want to consider a local firewall (which is a very good idea indeed) you may consider using a FreeBSD box in bridging mode between the DSL link and the local LAN. This FreeBSD box can do layer 3 (IP) filtering in bridging (layer 2 forwarding) mode. Some references : http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html http://www.freebsd.org/doc/en_US.ISO8859-1/articles/filtering-bridges/article.html - Mike