From owner-freebsd-net  Sat Sep  8 13:34:59 2001
Delivered-To: freebsd-net@freebsd.org
Received: from mail.clickarray.com (dune.clickarray.com [209.10.62.213])
	by hub.freebsd.org (Postfix) with ESMTP id B997B37B406
	for <Freebsd-net@freebsd.org>; Sat,  8 Sep 2001 13:34:57 -0700 (PDT)
Received: by mail.clickarray.com (Postfix, from userid 2000)
	id C961C5EF05; Sat,  8 Sep 2001 13:44:26 -0700 (PDT)
Date: Sat, 8 Sep 2001 13:44:26 -0700
From: Steve Shah <sshah@clickarray.com>
To: Alfred Perlstein <bright@mu.org>
Cc: Len Conrad <LConrad@Go2France.com>, Freebsd-net@freebsd.org
Subject: Re: =?iso-8859-1?Q?tracing_an_attack_using_spoofed_ip=B4s?=
Message-ID: <20010908134426.B61513@clickarray.com>
References: <5.1.0.14.0.20010908090440.06337828@mail.Go2France.com> <20010908112722.G2965@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010908112722.G2965@elvis.mu.org>; from bright@mu.org on Sat, Sep 08, 2001 at 11:27:22AM -0500
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Sat, Sep 08, 2001 at 11:27:22AM -0500, Alfred Perlstein wrote:
> * Len Conrad <LConrad@Go2France.com> [010908 09:10] wrote:
> > A client has been receiving an attack on this mail gateway´s port 25 for 3 
> > weeks.  We increased the postfix SMTPD processes from 50 to 150, and the 
> 
> My suggestion is to start using firewall rules or perhaps hook

Use the firewall rules. The earlier you drop the packets, the 
better off you'll be. Setting up the rules will hopefully buy
you some additional time to contact your ISP so that they can 
setup packet filtering rules on their routers.  (After all, 
their boxes are taking extra load too...) 

-Steve

-- 
______________________________________________________________________________
Steve Shah (sshah@clickarray.com) | Voice: 408.284.4226  Pager: 408.989.4247
    http://www.clickarray.com     |  Pager E-Mail: pagesshah@clickarray.com 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              Beating code into submission, one OS at a time...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message