From owner-freebsd-questions@FreeBSD.ORG  Tue May 24 20:53:32 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8233A1065672
	for <freebsd-questions@freebsd.org>;
	Tue, 24 May 2011 20:53:32 +0000 (UTC)
	(envelope-from aimass@yabarana.com)
Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com
	[209.85.210.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 571F38FC17
	for <freebsd-questions@freebsd.org>;
	Tue, 24 May 2011 20:53:31 +0000 (UTC)
Received: by iyj12 with SMTP id 12so8539737iyj.13
	for <freebsd-questions@freebsd.org>;
	Tue, 24 May 2011 13:53:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.193.233 with SMTP id dv41mr3599068ibb.186.1306270411396;
	Tue, 24 May 2011 13:53:31 -0700 (PDT)
Sender: aimass@yabarana.com
Received: by 10.231.13.139 with HTTP; Tue, 24 May 2011 13:53:31 -0700 (PDT)
In-Reply-To: <BANLkTikGjnh-cfO_dtk=jf6ZVNiY=x8nqw@mail.gmail.com>
References: <BANLkTikGjnh-cfO_dtk=jf6ZVNiY=x8nqw@mail.gmail.com>
Date: Tue, 24 May 2011 16:53:31 -0400
X-Google-Sender-Auth: 6cubptKyiNQ51dGM7W7SribWJM0
Message-ID: <BANLkTikz-MgrygUh1d6czE85ufQDxC+6jw@mail.gmail.com>
From: Alejandro Imass <ait@p2ee.org>
To: Andy Wodfer <wodfer@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Urgent: Under attack - need tcpdrop help
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 May 2011 20:53:32 -0000

On Tue, May 24, 2011 at 4:29 PM, Andy Wodfer <wodfer@gmail.com> wrote:
> Hi,
> One of my FreeBSD servers is currently being attacked (DDOS) and I'm
> blocking IP addresses in my firewall. However, there are a large number of
> hung tcp connections and I want them gone.
>

I know it's not what you're asking but for the future try fail2ban. I
can gladly post a simple how to here for FreeBSD.

It's a very simple solution but I have been keeping off pests quite
well with fail2ban. I think it's an awesome and simple framework to
automatically ban IPs and they just move on to the th next server. In
fact you can see the bannings diminish in time as they are the one
that get tired ;-)

Good luck,

--
Alejandro Imass