Date: Tue, 18 Jan 2000 11:41:02 -0600 (CST)
From: James Wyatt
To: Jonathan Fortin
Cc: freebsd-security@freebsd.org
Subject: Re: TCP/IP
In-Reply-To: <002801bf61de$b2663560$0900000a@server>

On Tue, 18 Jan 2000, Jonathan Fortin wrote:
> I noticed that most of the firewalls out there don't cover protection e.g., on a denial of service attack, it should ignore the whole protocol
> but only allow packets with 3k in length. etc.

The only real DoS 'thing' I've noticed is the ICMP_BANDLIM to limit ICMP error responses, which works fairly well. Most of the DoS stuff, IMHO, should be done at the router, and the one on the input-end of the link if you can. This protects the link as well as the host. Amplifiers can really overwhelm a link...

Of course, if you are using FreeBSD as your router, this becomes very important on the host again, right Dennis?

I would *love* to hear what others have done besides the usual ipfw rules.

Thanks - Jy@