Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 16 Jan 1998 04:50:49 -0800 (PST)
From:      "Jonathan M. Bresler" <jmb>
To:        rugose@delanet.com (Stephen Comoletti)
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: DoS
Message-ID:  <199801161250.EAA11058@hub.freebsd.org>
In-Reply-To: <199801160336.WAA18362@www.delanet.com> from Stephen Comoletti at "Nov 16, 97 10:35:03 am"

next in thread | previous in thread | raw e-mail | index | archive | help
Stephen Comoletti wrote:
> I have a situation I need a little advice on. I'm not sure if it belongs
> here, however it does affect users of FreeBSD as well from what little I do
> know. 
> 
> Ok..here is the setup. ISP with 2 cisco routers, both communicate between
> eachother on a regular basis. They use radius for authentication. The isp

	if the attack is coming from the outside,
	filter deny all packets from the outside whose source address
	matches any of your networks (you should do this anyway).
	i presume that the tow routers talk to each other using
	inside addresses ;)

	if from the inside, track him down and ........

jmb

> is under attack by a modified smurf. It has all the symptoms of a smurf but
> it's comming in via udp and not icmp. to complicate it, the attacker is
> spoofing the ip of each router and hitting them at the same time, changing
> the port each time the isp kills input from one. 
> 
> Is there any way to defend/track down/stop an attack of this type?
> 
> Steve
> 




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801161250.EAA11058>