Date: Fri, 16 May 2003 17:46:37 -0700 (PDT)
From: Tom Samplonius
To: Thomas Krause -CI-
Cc: freebsd-isp@freebsd.org
Subject: Re: router stops working because of udp packets
In-Reply-To: <3EC54FC1.3090104@chef-ingenieur.de>

On Fri, 16 May 2003, Thomas Krause -CI- wrote:

...
> I believe the host of the customer was hacked. Does anybody know what's
> running on the host? How can I prevent such attacks? Are there any
> kernel-options? Or should I limit the udp traffic?

It is the Slammer worm. It can easily generate 60Mbps of traffic on a fast ethernet LAN. It seems that your router does not have enough resources to route that much. Perhaps add more mbufs, and more efficient network cards. If using the fxp driver, use the link0 flag to reduce interrupts.

> BTW: 4.6.2-RELEASE-p9 is running on the router.

You should probably upgrade to 4.8 too.

> Regards,
> Thomas.

Tom