Date:      Sat, 27 Aug 2005 18:48:11 -0400
From:      "James Bowman Sineath, III" <sineathj1@citadel.edu>
To:        "vladone" <vladone@spaingsm.com>, <freebsd-questions@freebsd.org>
Subject:   Re: Re[2]: how to know if i'm under flood?
Message-ID:  <003201c5ab59$673d5940$030a000a@IBMTWAQPEF2DWZ>
References:  <1905744288.20050827224121@spaingsm.com><4310C64B.2060807@mkproductions.org> <333541280.20050827235941@spaingsm.com>

In response to your first question, I would highly recommend setting up a 
verbose firewall if you have not already done so. Personally, I use ipfw but 
there are a variety of options available to you (pf/ipf/ipfw/ipfw2), so 
check out the handbook and figure out which one you want to use. Doing this 
is a vital step in preventing attacks and keeping track of the connections 
on your system. There are also a variety of sysctl variables that can help 
in handling DoS attacks; if you find yourself being flooded on a regular 
basis then you may want to play with some of them.

There are a variety of ways to watch for DoS attacks and floods, but setting 
up a firewall is a vital part of that. If you need any help doing so then 
feel free to ask and I would be happy to help (however I am only familiar 
with ipfw and ipf) but be sure to read the handbook first.

> And how exactly use netstat for this purpose? I see many options in
> man pages.

Try netstat -a. I've never used netstat for this purpose but I believe that 
may work; it will list all of your current connections. If you have a lot of 
them then you are probably being DoS'd.

Bow Sineath
Class of 2006, the Citadel
sineathj1@citadel.edu - bow.sineath@gmail.com
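
Added example, not part of the original message: one way to turn the netstat listing suggested above into numbers, by counting TCP sockets per state and per remote address. It goes slightly beyond the message by checking half-open (SYN_RCVD) sockets against a threshold; the sample output is constructed in the FreeBSD `netstat -an -p tcp` layout, and the function names and threshold values are assumptions.

```shell
#!/bin/sh
# Constructed sample in the FreeBSD `netstat -an -p tcp` layout. Addresses are
# documentation ranges; the last dot-separated field of an address is the port.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 10.0.0.3.80            198.51.100.7.40112     SYN_RCVD
tcp4       0      0 10.0.0.3.80            198.51.100.7.40113     SYN_RCVD
tcp4       0      0 10.0.0.3.80            198.51.100.7.40114     SYN_RCVD
tcp4       0      0 10.0.0.3.80            203.0.113.9.51822      SYN_RCVD
tcp4       0      0 10.0.0.3.22            192.0.2.10.60522       ESTABLISHED
tcp4       0      0 10.0.0.3.80            192.0.2.44.53100       TIME_WAIT
tcp4       0      0 *.80                   *.*                    LISTEN
EOF
}

# Count TCP sockets per state, busiest first. Output: "COUNT STATE" per line.
count_states() {
    awk '$1 ~ /^tcp/ && NF >= 6 { n[$6]++ }
         END { for (s in n) print n[s], s }' | sort -rn
}

# Count non-listening sockets per remote IP (port stripped). Output: "COUNT IP".
count_peers() {
    awk '$1 ~ /^tcp/ && NF >= 6 && $6 != "LISTEN" {
             ip = $5; sub(/\.[^.]*$/, "", ip); n[ip]++ }
         END { for (i in n) print n[i], i }' | sort -rn
}

# Exit 0 when the number of SYN_RCVD sockets reaches the threshold given in $1.
# The threshold is an assumption; pick it from what the host shows when idle.
syn_backlog_high() {
    awk -v t="$1" '$1 ~ /^tcp/ && $6 == "SYN_RCVD" { c++ }
                   END { exit !(c + 0 >= t + 0) }'
}

# Demonstration on the constructed sample.
sample_netstat | count_states
sample_netstat | count_peers
```

On a live FreeBSD host, replace `sample_netstat` with `netstat -an -p tcp` in the pipelines.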



