From: Damien Fleuriot
Date: Wed, 25 May 2011 16:01:50 +0200
To: freebsd-questions@freebsd.org
Subject: Re: Urgent: Under attack - need tcpdrop help
Message-ID: <4DDD0BCE.9080607@my.gd>

On 5/24/11 10:53 PM, Alejandro Imass wrote:
> On Tue, May 24, 2011 at 4:29 PM, Andy Wodfer wrote:
>> Hi,
>> One of my FreeBSD servers is currently being attacked (DDOS) and I'm
>> blocking IP addresses in my firewall. However, there are a large number of
>> hung tcp connections and I want them gone.
>>
>
> I know it's not what you're asking but for the future try fail2ban. I
> can gladly post a simple how to here for FreeBSD.
>
> It's a very simple solution but I have been keeping off pests quite
> well with fail2ban. I think it's an awesome and simple framework to
> automatically ban IPs and they just move on to the next server. In
> fact you can see the bannings diminish in time as they are the ones
> that get tired ;-)
>
> Good luck,
>
> --
> Alejandro Imass

There is no need for fail2ban on FreeBSD; one may install sshguard from the ports, which interacts with the firewalls (IPFW, PF...) or the allow/deny files.