Message-ID: <388557FB.443E66B0@softweyr.com>
Date: Tue, 18 Jan 2000 23:21:47 -0700
From: Wes Peters
Organization: Softweyr LLC
To: patl@phoenix.volant.org
Cc: David Wolfskill, matt@ARPA.MAIL.NET, freebsd-security@freebsd.org
Subject: Re: TCP/IP

patl@phoenix.volant.org wrote:
>
> On 18-Jan-00 at 11:21, David Wolfskill (dhw@whistle.com) wrote:
> > >Date: Tue, 18 Jan 2000 12:53:12 -0500
> > >From: matt
> >
> > >I would love to talk my uplink (uunet.ca) into filtering certain things
> > >before they pass it on to my router, wish they would =/ Besides that, I
> > >filter syn,fin, icmp, all udp except ntp/dns, besides that, I don't think
> > >there is much that I can do.
> >
> > Put another router in series with it. Use an RFC 1918 "private net"
> > numbering scheme for that (pathological) network, which then becomes an
> > effective "demarc" between uunet.ca's responsibility/ability and yours.
> >
> > This generalizes, within reason. (Yes, it adds latency, too....)
>
> Umm, I think Matt's point was that he would like to filter these
> things out -before- they consume bandwidth between his uplink and
> his router. (I know I would...)

Get a better ISP. They should provide such services, and the good ones
will. They may charge to set it up, but they aren't going to want SYN
floods on their networks. If the flood is coming from within your ISP,
talk to the ISP and get the plug pulled on the flood source.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                        Softweyr LLC
wes@softweyr.com                          http://softweyr.com/