Date: Sat, 8 Sep 2001 13:44:26 -0700 From: Steve Shah <sshah@clickarray.com> To: Alfred Perlstein <bright@mu.org> Cc: Len Conrad <LConrad@Go2France.com>, Freebsd-net@freebsd.org Subject: Re: =?iso-8859-1?Q?tracing_an_attack_using_spoofed_ip=B4s?= Message-ID: <20010908134426.B61513@clickarray.com> In-Reply-To: <20010908112722.G2965@elvis.mu.org>; from bright@mu.org on Sat, Sep 08, 2001 at 11:27:22AM -0500 References: <5.1.0.14.0.20010908090440.06337828@mail.Go2France.com> <20010908112722.G2965@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 08, 2001 at 11:27:22AM -0500, Alfred Perlstein wrote:
> * Len Conrad <LConrad@Go2France.com> [010908 09:10] wrote:
> > A client has been receiving an attack on this mail gateway´s port 25 for 3
> > weeks. We increased the postfix SMTPD processes from 50 to 150, and the
>
> My suggestion is to start using firewall rules or perhaps hook
Use the firewall rules. The earlier you drop the packets, the
better off you'll be. Setting up the rules will hopefully buy
you some additional time to contact your ISP so that they can
setup packet filtering rules on their routers. (After all,
their boxes are taking extra load too...)
-Steve
--
______________________________________________________________________________
Steve Shah (sshah@clickarray.com) | Voice: 408.284.4226 Pager: 408.989.4247
http://www.clickarray.com | Pager E-Mail: pagesshah@clickarray.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Beating code into submission, one OS at a time...
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010908134426.B61513>