From owner-freebsd-questions@FreeBSD.ORG  Mon Aug 29 06:41:25 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 867B216A41F
	for <freebsd-questions@freebsd.org>;
	Mon, 29 Aug 2005 06:41:25 +0000 (GMT) (envelope-from cswiger@mac.com)
Received: from pi.codefab.com (pi.codefab.com [199.103.21.227])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2782D43D45
	for <freebsd-questions@freebsd.org>;
	Mon, 29 Aug 2005 06:41:25 +0000 (GMT) (envelope-from cswiger@mac.com)
Received: from localhost (localhost [127.0.0.1])
	by pi.codefab.com (Postfix) with ESMTP id 88D245D33;
	Mon, 29 Aug 2005 02:41:24 -0400 (EDT)
Received: from pi.codefab.com ([127.0.0.1])
	by localhost (pi.codefab.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 00996-06; Mon, 29 Aug 2005 02:41:23 -0400 (EDT)
Received: from [192.168.1.3] (pool-68-161-79-217.ny325.east.verizon.net
	[68.161.79.217]) by pi.codefab.com (Postfix) with ESMTP id 5C09A5CC5;
	Mon, 29 Aug 2005 02:41:22 -0400 (EDT)
Message-ID: <4312AE23.6010003@mac.com>
Date: Mon, 29 Aug 2005 02:41:39 -0400
From: Chuck Swiger <cswiger@mac.com>
Organization: The Courts of Chaos
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.7.11) Gecko/20050801
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: vladone <vladone@spaingsm.com>
References: <1905744288.20050827224121@spaingsm.com>
	<4310C64B.2060807@mkproductions.org>
	<333541280.20050827235941@spaingsm.com>
	<003201c5ab59$673d5940$030a000a@IBMTWAQPEF2DWZ>
	<1594562973.20050828195814@spaingsm.com>
In-Reply-To: <1594562973.20050828195814@spaingsm.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at codefab.com
Cc: freebsd-questions@freebsd.org
Subject: Re: how to know if i'm under flood?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2005 06:41:25 -0000

vladone wrote:
> If u have more experience, please give some example about what sysctl
> variable to set, and wich ipfw rules can prevent DoS.

If your inbound pipe(s) are saturated due to DoS flood traffic, there is very 
little you can do about it locally.  You have to get your ISP to filter 
upstream to do any real good.  Or be prepared to renumber your IP addresses to 
a new netblock in order to dodge the DoS.

-- 
-Chuck