Date: Sun, 12 Jan 2003 03:33:16 +0300 (MSK) From: "."@babolo.ru To: Richard A Steenbergen <ras@e-gerbil.net> Cc: "."@babolo.ru, Josh Brooks <user@mail.econolodgetulsa.com>, Jess Kitchen <jk@burstfire.net>, freebsd-net@FreeBSD.ORG Subject: Re: What is my next step as a script kiddie ? (DDoS) Message-ID: <1042331596.782866.69020.nullmailer@cicuta.babolo.ru> In-Reply-To: <20030111221206.GF78231@overlord.e-gerbil.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sat, Jan 11, 2003 at 07:15:19AM +0300, "."@babolo.ru wrote: > > IMHO it is almoust impossible to touch > > properly configured router without > > open services on it. > > Don't be silly. Routers are fragile little things compared to hosts, with be correct... please > much less CPU and plenty of places to strike. Protecting your network > infrastructure is certainly the next place to go after you protect your > high-target hosts. > > For some examples, see http://www.e-gerbil.net/ras/projects/dos/dos.txt remember disposition: small net(s) connected via low band (less then 10M) link to one upstream. _If_ such a router configured correctly (no services, static only routes, closed enough efficiency optimized ipfw) then it is brobably unkillable, if source of attack in not directly connected. Unfortunately I know method to disable some directly connected ethernet ports on FreeBSD based router. Thank you for the link, it brings up some interesting idea for my student's work. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1042331596.782866.69020.nullmailer>