From owner-freebsd-questions@FreeBSD.ORG Wed Aug 27 20:53:01 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66A0C16A4BF for ; Wed, 27 Aug 2003 20:53:01 -0700 (PDT) Received: from bcolo06.skypoint.net (dual01.skypoint.net [199.86.32.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 36FF643FF2 for ; Wed, 27 Aug 2003 20:53:00 -0700 (PDT) (envelope-from jamie@floyd.gnulife.org) Received: from floyd.gnulife.org (floyd.gnulife.org [199.86.41.27]) by bcolo06.skypoint.net (8.12.9/8.12.9) with ESMTP id h7S3qoqu006871; Wed, 27 Aug 2003 22:52:51 -0500 (CDT) (envelope-from jamie@floyd.gnulife.org) Date: Wed, 27 Aug 2003 22:53:19 -0500 (CDT) From: Jamie To: Mike Hogsett In-Reply-To: <200308280118.h7S1IRFv004838@quarter.csl.sri.com> Message-ID: <20030827225209.L5040-100000@floyd.gnulife.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Status: No, hits=-2.0 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT, REPLY_WITH_QUOTES version=2.55 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: freebsd-questions@freebsd.org cc: ZaiD Dashti Subject: Re: how to stop the ddos ot dos attack ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 03:53:01 -0000 On Wed, 27 Aug 2003, Mike Hogsett wrote: > > > >i got a DoS attack, how i can stop it ? > > > > > >note: > > > i have a lan network in my home, and DSL connection which is connected > > >to the > > >hub direct, and i have 3 pc's. > > > > > >thanks > > > > > > > I use a firewall which allows a block of DoS IPs from any to any.... also > > can close ports easily. Plus, if you log, you can then monitor the further > > attempts.... > > Unfortunately anything you do at the local end will not prevent bandwidth > from being consumed on your link. Once it hits your local firewall to be > dropped the traffic has already consumed bandwidth on your link. > > This may or may not be a concern. If the DOS is consuming a great deal of > bandwidth than it probably is a concern and you may try contacting the > abuse@ or other support addresses at your ISP and ask if they can filter > this traffic before it hits your link. > > If you do want to consider a local firewall (which is a very good idea > indeed) you may consider using a FreeBSD box in bridging mode between the > DSL link and the local LAN. This FreeBSD box can do layer 3 (IP) > filtering in bridging (layer 2 forwarding) mode. > > Some references : > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html > http://www.freebsd.org/doc/en_US.ISO8859-1/articles/filtering-bridges/article.html > > - Mike > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > If you have a dynamic IP address, you may get by power cycling your DSL modem so you come up with another IP address. It's a cheap shot, but may buy you some time online while you batten up the hatches. - Jamie "A friend is someone who lets you have total freedom to be yourself."