Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 15 Sep 2006 13:53:05 +0200
From:      Willem Jan Withagen <wjw@withagen.nl>
To:        Julian Elischer <julian@elischer.org>
Cc:        Barney Wolff <barney@databus.com>, freebsd-net@freebsd.org, Willem Jan Withagen <wjw@digiware.nl>
Subject:   Re: blocking a string in a packet using ipfw
Message-ID:  <450A9421.6010400@withagen.nl>
In-Reply-To: <4509C4BC.3090000@elischer.org>
References:  <4509592A.3040602@digiware.nl> <20060914134611.GW76403@catpipe.net>	<20060914150902.GA17230@pit.databus.com> <45097364.1090905@withagen.nl> <4509C4BC.3090000@elischer.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer wrote:
>> Forgot to mention: 4.7-PRERELEASE :(
> 
> 
> ugh... no tables
> and 45000 lines will be bad.
> 
> load an old PC with 6.2
> and seet it up as a bridge with 2 interfaces.
> and use ipfw table to filter on the bridge
> 

If I could have easy access to the box, that would be the sollution. But the 
box is in Amsterdam in a Colo, and currently the rack is fully loaded. And 
we're not allowed to leave stuff standing outside the rack.

For now the storm generated by the virus has calmed, because the DNS address 
used was one that was easily changed without penalties of sites getting 
unavialable. So setting that to 127.0.0.1 solved quite a lot. It still took a 
few hours to actually pickup every where. Over that time I collected over 
50.000 IP's which all ended up in IPFW. :) The box (PIII, 750 Mhz, 512Mb) 
started using a lot of system and interrupt time, but it survived it all.

Only to find out that it got whacked this morning again but now in some 
phpbb's, where they uploaded something like 45.000 viagra/spam messages. :(

But fortunately this convinced the customer that he really should upgrade both 
hardware and software. Something I've been asking for as long as I've set eyes 
on this server. Probably the hours now spent in repairing etc. could have 
better be invested in a new server.

--WjW




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?450A9421.6010400>