From: Salvo Bartolotta
Date: Thu, 27 Apr 2000 09:03:28 GMT
Message-ID: <20000427.9032800@bartequi.ottodomain.org>
Subject: Re: DDos
To: Yamin Prabudy, freebsd-questions@FreeBSD.ORG
References: <39081EA0.51160471@starindo.net>

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 4/27/00, 12:04:00 PM, Yamin Prabudy wrote regarding DDos:

> Denial of Service Attacks
> Can anyone explain what this is
> and how can I defend myself against this kind of attack
> I've noticed that a couple of ISPs in Indonesia have been victims
> TIA
> -Yamin-

Dear Yamin Prabudy,

DDoS stands for Distributed Denial of Service [attack]. That is, [a great] many computers *simultaneously* attack one site, throwing data at it at, say, a ~1 Gbit/sec rate. The goal of this type of attack is to prevent the victim from providing any services.

You might want to do a little search on the web for this: some "famous" DDoS attacks were performed in February, and you should find plenty of information about them.

As to defence strategies, to begin with, you might want to have a look at the following:

1) a few options for your kernel: e.g. ICMP_BANDLIM, TCP_RESTRICT_RST, IPFIREWALL, etc.

2) Packet filtering ("firewall") techniques, e.g. ipfw(8), ipf(1,5,4), etc.

You might want to read (wait for it) the handbook for an introduction to these complex problems as well as ... the freebsddiary. And you might want to have a look at a few good books on firewalls.

This topic has been discussed again and again on -questions, and you might want to search the mailing list archives, too.

N.B. while a (single) DoS is fairly easy to deal with, a DDoS is quite another matter.

Best regards,
Salvo