From: "."@babolo.ru
To: Josh Brooks
Cc: freebsd-net@freebsd.org
Date: Sat, 11 Jan 2003 10:32:03 +0300 (MSK)
Subject: Re: What is my next step as a script kiddie ? (DDoS)
Message-Id: <1042270323.565094.9988.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20030110213122.C78856-100000@mail.econolodgetulsa.com>

>
> What would you run on a different server to do traffic estimation ? How
> would you do such a thing ?
I use argus 1.8 and my package
http://free.babolo.ru/src/traf-tools-0.14.tar.gz
as part of ISPMS/ISPDB
http://free.babolo.ru/ports/ispms/
traf-tools has free license
ISPMS/ISPDB - for non-profit or estimation

> thanks.
>
> On Sat, 11 Jan 2003 .@babolo.ru wrote:
>
> > > Well, my "router" is the freebsd machine - celeron 500 and 256 megs.
> > >
> > > Where would you suggest doing bandwidth counts for all of my IPs if I
> > > don't use ipfw count rules at the firewall/router ?
> > I use argus.
> > It is not so comfortable for traffic accounting.
> > It is used for the second role - traffic auditing too.
> >
> > And see - traffic estimation is not router's job.
> > Use separate server, and remember, that traffic calculation
> > can be huge under attack.
> >
> > > And also thank you very much - I am very happy to hear that you think a
> > > freebsd firewall/router will not be easy to break if it is not allowing
> > > things to ports on the servers behind it that are not valid...
> > Sorry, I know English bad and do not understand
> > your last line above.
> >
> > > On Sat, 11 Jan 2003 .@babolo.ru wrote:
> > >
> > > > IMHO it is almost impossible to touch
> > > > properly configured router without
> > > > open services on it.
> > ..
> > > > Optimize ipfw for speed, do not
> > > > use it for count - and only
> > > > mistakes lead to crash.
> > > >
> > > > It seems your router is powerful enough for
> > > > your circumstances
> > > >
> > > > Servers are another thing however... :-((
> > > >
> > > > > Ok, understood - but the point is, at some point the attackers are going
> > > > > to realize that their syn floods are no longer hurting me ... and
> > > > > regardless of what they conclude from this, what is the standard "next
> > > > > step" ? If they are just flooders/packeteers, what do they graduate to
> > > > > when syn floods no longer do the job ?
> > > > >
> >
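
An added example, not part of the original message and not code from argus or traf-tools: per-IP accounting done on a separate host from flow records, with the table keyed only by local addresses so that a flood from many (possibly spoofed) sources cannot grow it without bound. The record layout, the 192.0.2.0/24 local block and the thresholds are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (src, dst, bytes); NOT argus output format.
# 192.0.2.0/24 stands in for the served address block (assumption).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", 1500),
    ("192.0.2.10", "198.51.100.7", 40000),
    ("203.0.113.5", "192.0.2.20", 60),       # tiny flows from
    ("203.0.113.6", "192.0.2.20", 60),       # many distinct sources
    ("203.0.113.7", "192.0.2.20", 60),
    ("203.0.113.8", "192.0.2.99", 60),
    ("198.51.100.9", "198.51.100.10", 500),  # neither end is local
]

def account(flows, local_net=LOCAL_NET, max_hosts=None):
    """Sum bytes in/out per local IP.

    Keys are local addresses only, so the table is bounded by the local
    block however many remote sources show up during an attack.
    """
    if max_hosts is None:
        max_hosts = local_net.num_addresses
    totals = defaultdict(lambda: {"in": 0, "out": 0, "flows_in": 0})
    dropped = 0
    for src, dst, nbytes in flows:
        for addr, direction in ((dst, "in"), (src, "out")):
            ip = ipaddress.ip_address(addr)
            if ip not in local_net:
                continue
            key = str(ip)
            if key not in totals and len(totals) >= max_hosts:
                dropped += 1  # refuse to grow past the cap
                continue
            totals[key][direction] += nbytes
            if direction == "in":
                totals[key]["flows_in"] += 1
    return dict(totals), dropped

def small_flow_targets(totals, min_flows=3, max_avg_bytes=100):
    """Local IPs receiving many tiny inbound flows (flood-like pattern)."""
    return sorted(ip for ip, t in totals.items()
                  if t["flows_in"] >= min_flows
                  and t["in"] / t["flows_in"] <= max_avg_bytes)
```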