From owner-freebsd-questions Sun Jan 5 15:29:25 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0FE3537B401 for ; Sun, 5 Jan 2003 15:29:23 -0800 (PST) Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6B8743E4A for ; Sun, 5 Jan 2003 15:29:22 -0800 (PST) (envelope-from fearow@attbi.com) Received: from god.woofcat.com (12-251-110-17.client.attbi.com[12.251.110.17]) by rwcrmhc51.attbi.com (rwcrmhc51) with SMTP id <2003010523292205100nkv9ne>; Sun, 5 Jan 2003 23:29:22 +0000 Date: Sun, 5 Jan 2003 17:28:59 -0600 From: Anti To: "Michael" Cc: freebsd-questions@freebsd.org Subject: Re: DOS ATTACK. Any Suggestions? Message-Id: <20030105172859.099b3a34.fearow@attbi.com> In-Reply-To: <2720.192.168.1.10.1041807203.squirrel@email.unixhideout.com> References: <2720.192.168.1.10.1041807203.squirrel@email.unixhideout.com> Organization: Woofcat X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG more an issue with apache than freebsd i think... perhaps mod_dosevasive (http://www.networkdweebs.com/stuff/security.html) could be of use? `Anti` On Sun, 5 Jan 2003 17:53:23 -0500 (EST) "Michael" wrote: > Sigh. I have had my website for well over a few years now. I am very upset > with the internet and where it is going due to the fact that their is so > many children on it whose parents dont know how to do their jobs and they > allow their children to perform dos attacks and god only knows what else > on daddys fast connection. The internet falls the perfect place for every > child/grownup who was/is pushed around in school, the unpopular kids no > one likes, the fat kid in class and the guys that cant even get laid to go > online and be "the man" behind the monitor. It is the only place they can > go and be "something in power" As lame as that is this must be how they > look at it in their sick mind. I have been dossed many times. Heres the > latest. I go to > > http://www.unixhideout.com/server-status which you can also look at if it > actually loads for you.. and i see around 80-100 of these 24/7 > > 1-0 50860 1/4/4 K 0.40 10 1134 0.0 0.00 0.00 24.67.253.203 > www.unixhideout.com GET / HTTP/1.1 > > all from different (at least 100 ips) over and over again bringing my > server to its knees. As i said previously i have been dossed by the > nobodys many times and it usually just goes away. This has been going on > since january first. I am running IPFW with very strict rules, on FreeBSD > 4.7 IPFW does me no good because i am allowing the port they are abusing > (80) due to the last DOS attack and my few hours research i have the > following options already in my rc.conf > > tcp_extensions="NO" > tcp_keepalive="YES" > tcp_restrict_rst="YES" > icmp_bmcastecho="NO" > icmp_drop_redirect="YES" > firewall_enable="YES" > firewall_script="/etc/rc.firewall" > firewall_type="custom" > firewall_quiet="NO" > firewall_logging_enable="YES" > log_in_vain="YES" > > Im sure you can notice some mistakes. I try to keep the research on this > lame shit to a minumum as it does not interest me to learn how to hurt > other people. Please help me get the best out of this immature child and > continue my website which is a complete gift to FreeBSD and its community, > not that you owe me a god damn thing but you understand what i mean.. I > have dealt with this many times. As soon as my site gets big and i have a > lot of users in irc, some little jealous network comes along and destroys > what i worked on. The last time this happened my ISP shut ME off because > it took out one of their facilities. > -- > Mike > mike@unixhideout.com > The unixhideout network, > http://www.unixhideout.com > need to get ahold of me? > finger mike@unixhideout.com > > > ----------------------------------------- > Free, secure and stable email from UnixHideout > "The UnixHideout network" > http://www.unixhideout.com/ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message