From: "Remko Lodder"
To: "Spades"
Date: Sat, 7 Feb 2004 12:02:19 +0100
Subject: RE: [Freebsd-security] Re: IPFIREWALL

Hi,

I don't think you can deny all DDoS against your box; you will need help from your ISP. That is because if a person sends you enough packets, like 1 Mbit (and your line is 1 Mbit) full of packets, your connection is stuck, whether you filter or not.

Though you can mitigate those by closing all unneeded ports, logging any attempt that is made to connect to them, and using a bogon list which filters out traffic that comes from unused IP ranges. Note that DDoS not only happens due to ICMP, but can also mean attacking TCP/UDP and other protocols as well.

I don't know how it is done by IPFW, but iptables can limit SYN connections (again, I don't know how it's done since I don't have any experience with it, but it can do it).

Also, you can use stuff like SNMP, for example, to monitor traffic in combination with MRTG; that is a good start.

Hope it helped you a little,

--
Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene

-----Original message-----
From: freebsd-security-bounces@lists.elvandar.org [mailto:freebsd-security-bounces@lists.elvandar.org] On behalf of Spades
Sent: Saturday 7 February 2004 7:29
To: freebsd-security@freebsd.org
Subject: [Freebsd-security] Re: IPFIREWALL

Heya,

Lately my FreeBSD connection is being slowed down after it got DDoSed by some kiddies, and I got this feeling it is still being packeted in small amounts, because I can feel a constant lag.

I have ipfw running and denied all ICMP.

Any idea how I can secure my box against all DDoS and prevent SYN or other kinds of floods? Any way to monitor packets as well?

Thanks & regards.
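The reply's advice to log attempts against closed ports and to watch for traffic from unused ranges, as an added example that is not part of the original message: a short script that summarizes ipfw deny-log entries by source and by targeted port. The log lines are constructed, the bogon list is a small illustrative subset, and the threshold of 3 is a hypothetical value.

```python
import ipaddress
import re
from collections import Counter

# Illustrative subset of reserved ranges; a real bogon list is longer and changes.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

# Entries produced by ipfw "deny log" rules as they appear in syslog (IPv4 only).
LOG_RE = re.compile(r"ipfw: (?P<rule>\d+) Deny (?P<proto>\S+) "
                    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<ifc>\S+)")

# Constructed sample; documentation addresses stand in for routable hosts.
SAMPLE = """\
Feb  7 03:01:10 gw kernel: ipfw: 400 Deny TCP 198.51.100.7:4021 192.0.2.10:139 in via fxp0
Feb  7 03:01:10 gw kernel: ipfw: 400 Deny TCP 198.51.100.7:4022 192.0.2.10:139 in via fxp0
Feb  7 03:01:11 gw kernel: ipfw: 400 Deny TCP 198.51.100.7:4023 192.0.2.10:445 in via fxp0
Feb  7 03:01:11 gw kernel: ipfw: 300 Deny UDP 10.1.2.3:53 192.0.2.10:1434 in via fxp0
Feb  7 03:01:12 gw kernel: ipfw: 200 Deny ICMP:8.0 203.0.113.9 192.0.2.10 in via fxp0
Feb  7 03:01:12 gw kernel: ipfw: 65000 Accept TCP 203.0.113.9:5000 192.0.2.10:22 in via fxp0
""".splitlines()

def is_bogon(addr):
    """True if addr falls inside one of the reserved ranges above."""
    return any(addr in net for net in BOGONS)

def summarize(lines, threshold=3):
    """Count denied inbound packets per source and per destination port."""
    per_src, per_port = Counter(), Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["dir"] != "in":
            continue  # not a deny entry, or not inbound
        # TCP/UDP entries carry ip:port; ICMP entries carry a bare address.
        per_src[ipaddress.ip_address(m["src"].split(":")[0])] += 1
        if ":" in m["dst"]:
            per_port[(m["proto"], int(m["dst"].split(":")[1]))] += 1
    return {
        "bogon_sources": sorted(str(a) for a in per_src if is_bogon(a)),
        "noisy_sources": sorted(str(a) for a, n in per_src.items() if n >= threshold),
        "top_ports": per_port.most_common(3),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Sources that appear under `bogon_sources` are spoofed or misrouted and can be dropped at the border; a long `noisy_sources` list with traffic that still saturates the line is the case the reply says needs the ISP.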