From owner-freebsd-net@FreeBSD.ORG Tue Dec 7 10:06:55 2004
Date: Tue, 7 Dec 2004 13:13:32 GMT
From: "RoyalShells Admin"
To: freebsd-net@freebsd.org
Message-Id: <1102425212.94706@loyalness.com>
Subject: WATCHING DDOS ATTACKS
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I have a problem with DoS and DDoS attacks.
I wonder if someone has already written, or knows about, a module that works like pop_before_smtp: it watches /var/log/security and, if it sees that many packets were received for one IP in the past 30 seconds, it unbinds that IP (ifconfig em0 ip delete), keeps the list of unbound IPs, and tries to re-add each one again after 5 minutes (for example).

Thanks in advance,
Sami
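The responder Sami sketches, written out as an added example that is not code from the post or from any list member. It counts ipfw-logged inbound packets per destination (local) address over a sliding 30-second window, issues the post's `ifconfig em0 <ip> delete` when a threshold is crossed, and re-adds the address five minutes later. The ipfw syslog line format, the threshold of 1000 packets, the /32 netmask on re-add, the year supplied for syslog timestamps and the sample log lines are all assumptions or constructed data; the `protected` set is added so the watcher can never unbind the box's primary address and take it off the network.

```python
"""Added example: log-watching DDoS responder of the kind described in the post.
Log format, threshold, netmask and sample lines are assumptions, not from the post."""
import calendar
import re
import subprocess
import time
from collections import defaultdict, deque

IFACE = "em0"
WINDOW_SECONDS = 30      # look-back window from the post
THRESHOLD = 1000         # packets per window before unbinding (assumed value)
REBIND_SECONDS = 300     # 5 minutes from the post

# Assumed ipfw syslog line shape (only "in" packets are counted; ICMP has no ports):
#   Dec  7 13:13:32 gw kernel: ipfw: 100 Deny UDP 10.9.8.7:5000 84.94.229.4:53 in via em0
IPFW_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: ipfw: \d+ \w+ \S+ "
    r"(?P<src>[\d.]+)(?::\d+)? (?P<dst>[\d.]+)(?::\d+)? in via (?P<iface>\S+)")


def syslog_to_epoch(ts, year):
    """Syslog timestamps carry no year; the caller supplies it (UTC assumed)."""
    return calendar.timegm(time.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"))


def parse_line(line, year=2004):
    """Return (epoch, dst_ip, iface) for an inbound ipfw log line, else None."""
    m = IPFW_RE.match(line)
    if not m:
        return None
    return syslog_to_epoch(m["ts"], year), m["dst"], m["iface"]


class Watcher:
    def __init__(self, iface=IFACE, window=WINDOW_SECONDS, threshold=THRESHOLD,
                 rebind_after=REBIND_SECONDS, protected=(), run_cmd=None):
        self.iface, self.window, self.threshold = iface, window, threshold
        self.rebind_after = rebind_after
        self.protected = set(protected)   # primary address(es) that must never be unbound
        self.run_cmd = run_cmd or (lambda argv: subprocess.run(argv, check=False))
        self.hits = defaultdict(deque)    # dst_ip -> arrival times inside the window
        self.unbound = {}                 # dst_ip -> time it was unbound

    def observe(self, dst_ip, now):
        """Count one packet; unbind dst_ip if the window threshold is crossed."""
        q = self.hits[dst_ip]
        q.append(now)
        while q[0] < now - self.window:   # drop hits older than the window
            q.popleft()
        if (len(q) >= self.threshold and dst_ip not in self.unbound
                and dst_ip not in self.protected):
            self.run_cmd(["ifconfig", self.iface, dst_ip, "delete"])  # the post's command
            self.unbound[dst_ip] = now
            q.clear()
            return "unbound"
        return None

    def rebind_due(self, now):
        """Re-add every address whose 5-minute timer has expired; return them."""
        due = [ip for ip, t in self.unbound.items() if now - t >= self.rebind_after]
        for ip in due:
            # /32 netmask for a second address in the same subnet (assumption)
            self.run_cmd(["ifconfig", self.iface, ip, "netmask", "255.255.255.255", "alias"])
            del self.unbound[ip]
        return due


def replay(lines, watcher, year=2004):
    """Feed captured log lines through a Watcher; returns (unbind actions, rebinds)."""
    actions, rebinds = [], []
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None or parsed[2] != watcher.iface:
            continue
        ts, dst, _ = parsed
        rebinds += watcher.rebind_due(ts)
        if watcher.observe(dst, ts) == "unbound":
            actions.append((ts, dst))
    return actions, rebinds


# Constructed sample: five packets to 84.94.229.4 inside 30 s, one to another
# address, then traffic to 84.94.229.4 again more than five minutes later.
SAMPLE_LOG = [
    "Dec  7 13:13:30 gw kernel: ipfw: 100 Deny UDP 10.9.8.7:5000 84.94.229.4:53 in via em0",
    "Dec  7 13:13:31 gw kernel: ipfw: 100 Deny UDP 10.9.8.8:5000 84.94.229.4:53 in via em0",
    "Dec  7 13:13:32 gw kernel: ipfw: 100 Deny TCP 10.9.8.9:4444 84.94.229.4:80 in via em0",
    "Dec  7 13:13:33 gw kernel: ipfw: 100 Deny ICMP:8.0 10.9.8.10 84.94.229.4 in via em0",
    "Dec  7 13:13:40 gw kernel: ipfw: 100 Deny UDP 10.9.8.11:5000 84.94.229.5:53 in via em0",
    "Dec  7 13:13:55 gw kernel: ipfw: 100 Deny UDP 10.9.8.12:5000 84.94.229.4:53 in via em0",
    "Dec  7 13:19:10 gw kernel: ipfw: 100 Deny UDP 10.9.8.13:5000 84.94.229.4:53 in via em0",
]


def demo():
    """Dry run: record the ifconfig commands instead of executing them."""
    issued = []
    w = Watcher(threshold=5, protected={"84.94.229.1"}, run_cmd=issued.append)
    actions, rebinds = replay(SAMPLE_LOG, w)
    return actions, rebinds, issued


if __name__ == "__main__":
    print(demo())
```

For live use the same `Watcher` is driven from a `tail -f`-style loop over /var/log/security, calling `rebind_due(time.time())` each iteration and `observe(dst, time.time())` for each parsed line. Note that, exactly as in the post, this counts per destination address, so its effect is to sacrifice the attacked alias for five minutes rather than to block sources; the `protected` set is what keeps that from ever being the primary address.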