Date: Tue, 03 Oct 2000 10:30:17 -0700
From: Darcy Buskermolen <darcy@ok-connect.com>
To: freebsd-ipfw@FreeBSD.ORG
Subject: Re: 4.1.1 Kernel ipfw, brought to its knees
Message-ID: <3.0.32.20001003103017.019e19f0@mail.ok-connect.com>

Try the same test without log_in_vain turned on. You may be trying to troubleshoot 2 problems in one; I've had bad experiences with syslog and heavy load in the past.

At 12:14 PM 10/3/00 -0400, Forrest Aldrich wrote:
>The nmap scan was a basic nmap ping. No options.
>
>Yes, the scan was local (on our LAN 100mbit). Nothing special was running
>on this machine, other than packet filters and appropriate kernel config
>options. It was just installed (FreeBSD-4.1.1) yesterday from the releng4
>server snapshot archive, and cvsup'd.
>
>The only errors I saw generated in the log were that from tcp_log_in_vain
>setting. Glad I had at least that set, so I could know what was going
>on. I also noted many syslogd -s processes running at one point, and I
>tried killing those off to see if that would help. It just got worse.
>
>We performed this as a "qa" test, to see how FreeBSD would stand up to an
>attack, without third-party utilities.
>
>Unusable means, the system froze... literally. I couldn't get any prompt
>response, no connections, nothing.
>
>So, given that we're using FreeBSD on our infrastructure, we're very
>concerned about this.
>
>We were experimenting with the rc.firewall config, as some of the options
>were new (the dns update acl, for example). We did run into some weird
>problems (and it's probably configuration error on our part) with regard to
>connectivity.
>
>I'm attaching, for this named machine, the KERNEL config and the
>/etc/rc.firewall config for your perusal. Input or suggestions about the
>config would be welcomed.
>
>
>Thanks,
>
>
>_F
>
>
>
>
>At 11:31 PM 10/2/2000 -0700, Crist J . Clark wrote:
>>On Mon, Oct 02, 2000 at 03:47:40PM -0400, Forrest Aldrich wrote:
>> > I was working with our security person here at work, with my ipfw
>> > config. I ran into some problems, which I'm still trying to figure out.
>> >
>> > So, he offered to at least scan the machine. He did a basic nmap scan...
>> > brought the machine to its knees. I had ICMP bandwidth limitation
>> > enabled. All except the RST (which isn't recommended for web servers).
>> >
>> > The machine is rendered unusable. I've never seen this happen to a
>> > FreeBSD box. Our 2.2.8 systems withstand this better than this.
>> >
>> > ?
>>
>>I agree: ?
>>
>>What type of nmap scan? Was the scan local? What type of connection to
>>the ROW do you have? What was running on the machine when the scan was
>>run? What does "unusable" mean? Were any errors generated?
>>
>>Do you have a specific question?
>>--
>>Crist J. Clark cjclark@alum.mit.edu
>
>Attachment Converted: "C:\Program Files\Eudora32\attach\forrienet"
>
>Attachment Converted: "C:\Program Files\Eudora32\attach\rc1.fir"
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message