From owner-freebsd-security Tue Jan 18 10: 5: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from alpha.dgweb.com (alpha.dgweb.com [207.218.73.252]) by hub.freebsd.org (Postfix) with ESMTP id 729AF15291 for ; Tue, 18 Jan 2000 10:04:41 -0800 (PST) (envelope-from kuzak@kuzak.net)
Received: from kuzak (killer@sac1-3.dgweb.com [207.218.73.3]) by alpha.dgweb.com (8.10.0.Beta10/8.10.0Beta10) with SMTP id e0II3XR62126; Tue, 18 Jan 2000 10:03:33 -0800 (PST)
Message-Id: <200001181803.e0II3XR62126@alpha.dgweb.com>
X-Sender: kuzak@mail.kuzak.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
Date: Tue, 18 Jan 2000 09:55:55 -0800
To: "Jonathan Fortin"
From: Kuzak
Subject: Re: TCP/IP
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <002801bf61de$b2663560$0900000a@server>
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Once the DoS gets to the server there is not much point in trying to filter it
since it will already be filling your connection. The only way that I have found
effective at all is to block and rate limit everything at the border routers. Further
upstream would of course be better, but who has gotten uu to give in and give them
access to the policies on their routers?
-Aric

At 12:06 PM 1/18/00 -0600, you wrote:
I noticed that most of the firewalls out there don't cover protection, e.g., on a denial of service attack, it should ignore the whole protocol
but only allow packets with 3k in length, etc.


