From: Ivailo Tanusheff
To: Kalpin Erlangga Silaen
Cc: "freebsd-questions@freebsd.org", owner-freebsd-questions@freebsd.org
Date: Wed, 28 May 2008 17:22:38 +0300
Subject: Re: Survive from DDoS
In-Reply-To: <483D188C.3050007@muliahost.com>

Hi,

What I wanted to say was to use pf, not ipf. You may use something like this:

table <sshspammer> persist
block log quick from <sshspammer>
# sshspammer
# more than 6 ssh attempts in 15 seconds will be blocked ;)
pass in quick on $ext_if proto tcp to ($ext_if) port ssh keep state (max-src-conn 10, max-src-conn-rate 6/15, overload <sshspammer> flush global)

which I use for ssh flood protection or brute force attacks. You have to change the syntax to use it for DNS.

Hope this will help you.

Regards,

Ivailo Tanusheff

Kalpin Erlangga Silaen
Sent by: owner-freebsd-questions@freebsd.org
28.05.2008 11:34

To: Ivailo Tanusheff
cc: "freebsd-questions@freebsd.org", owner-freebsd-questions@freebsd.org
Subject: Re: Survive from DDoS

Dear Ivailo,

thank you for your response. I am using ipfw to limit all packets for all open ports in my server. But the packet size was 600 Mbps, which could not be filtered by our ISP.

Ivailo Tanusheff wrote:
> Hi,
>
> you may use ipf to drop packets from the attacking host I suppose. Or even
> limit the packets to the specified port.
>
> Regards,
>
> Ivailo Tanusheff
>
> Kalpin Erlangga Silaen
> Sent by: owner-freebsd-questions@freebsd.org
> 28.05.2008 05:01
>
> To: "freebsd-questions@freebsd.org"
> cc:
> Subject: Survive from DDoS
>
> Dear all,
>
> yesterday, our shell server was attacked and the server immediately rebooted.
> I checked the logs; it looks like a UDP flood with destination port 53. Is there
> any way to survive this kind of attack? Also, are there any
> URLs/resources to improve our shell server?
>
> Thank you
>
> Kalpin Erlangga Silaen
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
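
One way the ssh rule from the reply above could be adapted to port 53, as an added example that is not part of the original thread. The interface name em0, the table name <dnsflood> and all numeric limits are assumptions chosen for illustration.

```pf
# Added example, not from the thread. Assumed: em0, <dnsflood>, the limits.
ext_if = "em0"

table <dnsflood> persist

# Drop all traffic from sources that tripped the TCP limits below.
block in log quick on $ext_if from <dnsflood>

# DNS over TCP: same mechanism as the ssh rule. max-src-conn and
# max-src-conn-rate count connections that completed the 3-way handshake,
# so the source address is known to be real and overload can act on it.
pass in quick on $ext_if proto tcp from any to ($ext_if) port 53 \
    keep state (max-src-conn 10, max-src-conn-rate 6/15, \
    overload <dnsflood> flush global)

# DNS over UDP: there is no handshake, so max-src-conn, max-src-conn-rate
# and overload do not apply. max-src-states caps how many concurrent states
# one source address may hold on this rule; sources are not added to a
# table, because UDP source addresses can be forged.
pass in quick on $ext_if proto udp from any to ($ext_if) port 53 \
    keep state (max-src-states 20)

# Check syntax without loading the ruleset:  pfctl -nf /etc/pf.conf
# List sources currently in the table:       pfctl -t dnsflood -T show
```

These rules bound per-source load on the host itself; they do not help once the flood fills the uplink, which is the 600 Mbps case described in the thread.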