Date: Wed, 24 Jan 2001 17:32:52 +0300 From: "Mr. Blackman" <blackman@blackman.ru> To: freebsd-security@freebsd.org Subject: DoS: socket: No buffer space available Message-ID: <01012417332701.31962@localhost.localdomain>
next in thread | raw e-mail | index | archive | help
Hello! Last days our server was DoSed (I'm sure). Ok, facts: The Problem: IP socket: No buffer space available UNIX Socket : No buffer space available Victim: FreeBSD 3.4 Kernel compiled with these options: options ICMP_BANDLIM options TCP_DROP_SYNFIN options TCP_RESTRICT_RST options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=10 /etc/rc.conf: tcp_drop_synfin="YES" tcp_restrict_rst="YES" icmp_drop_redirect="YES" icmp_log_redirect="YES" firewall_enable="YES" firewall_script="/etc/rc.firewall" firewall_type="/etc/rc.firewall" firewall_quiet="NO" ### TCP STACK TUNING ### # TCP send/receive spaces sysctl -w net.inet.tcp.sendspace=32768 sysctl -w net.inet.tcp.recvspace=32768 # Socket queue defense against SYN attacks sysctl -w kern.ipc.somaxconn=1024 #!!! sysctl -w net.inet.icmp.drop_redirect=1 sysctl -w net.inet.icmp.log_redirect=1 sysctl -w net.inet.ip.redirect=0 sysctl -w net.inet6.ip6.redirect=0 sysctl -w net.link.ether.inet.max_age=1200 sysctl -w net.inet.ip.sourceroute=0 sysctl -w net.inet.ip.accept_sourceroute=0 sysctl -w net.inet.icmp.bmcastecho=0 sysctl -w net.inet.icmp.maskrepl=0 ### END TCP STACK TUNING ### On this server all packets are filtered with IPFW and _all_, except 53 udp are in "deny". Yes, I know about "named DoS", but the server is completely down. And only reboot solve the problem. Where is the problem, where is salvation?:) Thank you for attention. Mr. Blackman, Security Officer. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01012417332701.31962>