From owner-freebsd-stable  Mon Aug 21 22:44:19 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from smtp4.port.ru (mx5.port.ru [194.67.23.40])
	by hub.freebsd.org (Postfix) with ESMTP id EECF637B42C
	for <freebsd-stable@freebsd.org>; Mon, 21 Aug 2000 22:44:15 -0700 (PDT)
Received: from [212.96.98.37] (helo=[212.96.98.37])
	by smtp4.port.ru with esmtp (Exim 3.14 #44)
	id 13R6r6-000MUV-00; Tue, 22 Aug 2000 09:44:14 +0400
Date: Tue, 22 Aug 2000 09:44:00 +0400 (MSD)
From: Jaroshenko Serge <jaroshenko@mail.ru>
X-Sender: jaroshenko@freebsd.merlin.ru
To: noor@comrax.com
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: DoS attacks and FreeBSD.
In-Reply-To: <Pine.BSF.4.10.10008220241010.11868-100000@dns.comrax.com>
Message-ID: <Pine.BSF.4.21.0008220943260.4903-100000@freebsd.merlin.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Hi!

You can see /usr/ports/security/portsentry .

Serge

On Tue, 22 Aug 2000 noor@comrax.com wrote:

> Hello all,
> 
> One of our sites was a target for a DoS attempt tonight. The attempt
> failed.
> 
> I have ipfw running on the server, and managed to block the IP's in
> question in time. My question is: suppose I was not near the PC at the
> time of the incident, how can I configure ipfw to automatically block
> cnnections originating from any IP and that is continuous in a suspecious
> manner? (let's say 50 concurrent connections to port 80 every second.)
> 
> Is this possible in FreeBSD or/and in ipfw? Would like to know how...
> 
> Thanks in advance.
> 
> Noor
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
> 
> 
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message