Date:      Sat, 11 Jan 2003 10:32:03 +0300 (MSK)
From:      "."@babolo.ru
To:        Josh Brooks <user@mail.econolodgetulsa.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: What is my next step as a script kiddie ? (DDoS)
Message-ID:  <1042270323.565094.9988.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20030110213122.C78856-100000@mail.econolodgetulsa.com>

> 
> What would you run on a different server to do traffic estimation ?  How
> would you do such a thing ?
I use argus 1.8 and my package

http://free.babolo.ru/src/traf-tools-0.14.tar.gz

as part of ISPMS/ISPDB

http://free.babolo.ru/ports/ispms/

traf-tools has a free license
ISPMS/ISPDB - for non-profit or estimation

> thanks.
> 
> On Sat, 11 Jan 2003 .@babolo.ru wrote:
> 
> > > Well, my "router" is the freebsd machine - celeron 500 and 256 megs.
> > >
> > > Where would you suggest doing bandwidth counts for all of my IPs if I
> > > don't use ipfw count rules at the firewall/router ?
> > I use argus.
> > It is not so comfortable for traffic accounting.
> > It is used for the second role - traffic auditing too.
> >
> > And see - traffic estimation is not a router's job.
> > Use a separate server, and remember that traffic calculation
> > can be huge under attack.
> >
> > > And also thank you very much - I am very happy to hear that you think a
> > > freebsd firewall/router will not be easy to break if it is not allowing
> > > things to ports on the servers behind it that are not valid...
> > Sorry, I know English badly and do not understand
> > your last line above.
> >
> > > On Sat, 11 Jan 2003 .@babolo.ru wrote:
> > >
> > > > IMHO it is almost impossible to touch
> > > > a properly configured router without
> > > > open services on it.
> > ..
> > > > Optimize ipfw for speed, do not
> > > > use it for count - and only
> > > > mistakes lead to crash.
> > > >
> > > > It seems your router is powerful enough for
> > > > your circumstances
> > > >
> > > > Servers are another thing however... :-((
> > > >
> > > > > Ok, understood - but the point is, at some point the attackers are going
> > > > > to realize that their syn floods are no longer hurting me  ...  and
> > > > > regardless of what they conclude from this, what is the standard "next
> > > > > step" ?  If they are just flooders/packeteers, what do they graduate to
> > > > > when syn floods no longer do the job ?
> > >
> >
> 
> 
