From owner-freebsd-net  Sat Jan 11 16:32: 6 2003
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0DCAD37B4D5
	for <freebsd-net@FreeBSD.ORG>; Sat, 11 Jan 2003 16:32:04 -0800 (PST)
Received: from ints.mail.pike.ru (ints.mail.pike.ru [195.9.45.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 88EDF43F1E
	for <freebsd-net@FreeBSD.ORG>; Sat, 11 Jan 2003 16:32:02 -0800 (PST)
	(envelope-from babolo@cicuta.babolo.ru)
Received: (qmail 51976 invoked from network); 12 Jan 2003 00:45:25 -0000
Received: from babolo.ru (HELO cicuta.babolo.ru) (194.58.226.160)
  by ints.mail.pike.ru with SMTP; 12 Jan 2003 00:45:25 -0000
Received: (nullmailer pid 69021 invoked by uid 136);
	Sun, 12 Jan 2003 00:33:16 -0000
Subject: Re: What is my next step as a script kiddie ? (DDoS)
X-ELM-OSV: (Our standard violations) hdr-charset=KOI8-R; no-hdr-encoding=1
In-Reply-To: <20030111221206.GF78231@overlord.e-gerbil.net>
To: Richard A Steenbergen <ras@e-gerbil.net>
Date: Sun, 12 Jan 2003 03:33:16 +0300 (MSK)
From: "."@babolo.ru
Cc: "."@babolo.ru, Josh Brooks <user@mail.econolodgetulsa.com>,
	Jess Kitchen <jk@burstfire.net>, freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL99b (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Message-Id: <1042331596.782866.69020.nullmailer@cicuta.babolo.ru>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

> On Sat, Jan 11, 2003 at 07:15:19AM +0300, "."@babolo.ru wrote:
> > IMHO it is almoust impossible to touch
> > properly configured router without
> > open services on it.
> 
> Don't be silly. Routers are fragile little things compared to hosts, with 
be correct... please

> much less CPU and plenty of places to strike. Protecting your network 
> infrastructure is certainly the next place to go after you protect your 
> high-target hosts.
> 
> For some examples, see http://www.e-gerbil.net/ras/projects/dos/dos.txt
remember disposition:
small net(s) connected via low band (less then 10M)
link to one upstream.

_If_ such a router configured correctly
(no services, static only routes, closed enough
efficiency optimized ipfw)
then it is brobably unkillable, if source
of attack in not directly connected.

Unfortunately I know method to disable
some directly connected ethernet ports
on FreeBSD based router.

Thank you for the link, it brings up some
interesting idea for my student's work.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message