Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 24 May 1999 10:03:38 -0600
From:      Brett Glass <brett@lariat.org>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>, Michael Richards <026809r@dragon.acadiau.ca>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Denial of service attack from "imagelock.com" 
Message-ID:  <4.2.0.37.19990524100208.04727460@localhost>
In-Reply-To: <11146.927527966@critter.freebsd.dk>
References:  <Your message of "Mon, 24 May 1999 02:00:12 -0300." <Pine.GSO.4.05.9905240157240.20631-100000@dragon>
next in thread | previous in thread | raw e-mail | index | archive | help 
I like this idea. BUT.... You'll still get their SYNs and use up kernel
memory. (Only the OUTBOUND packets will disappear into a black hole.)
memory for awhile. Any way to filter the incoming ones without installing 
a full-up firewall?

--Brett

At 08:39 AM 5/24/99 +0200, Poul-Henning Kamp wrote:
>In message <Pine.GSO.4.05.9905240157240.20631-100000@dragon>, Michael Richards 
>writes:
> >On Sun, 23 May 1999, Brett Glass wrote:
> >
> >> The Webmasters on this list may want to look over their logs to see
> >> if they've been hit and not known it. grep your logs for imagelock.com;
> >> if you find that they're abusing your server, you may want to firewall 
> >I noticed we were hit by them this evening. 1250 requests in a few
> >minutes. Since we're not running a firewall, is there a recommended method
> >of filtering such people out? I think I did it with apache, but I'm
> >wondering if there is a better method.
>
>Add a blackhole route to them:
>
>         route add -net <IP> -netmask <MASK> 127.0.0.1 -blackhole
>
>--
>Poul-Henning Kamp             FreeBSD coreteam member
>phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
>FreeBSD -- It will take a long time before progress goes too far!
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.37.19990524100208.04727460>