Date: Thu, 9 Dec 1999 08:31:40 +1030
From: Mark Newton
To: "Scott I. Remick"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: What kind of attack is this?
Message-ID: <19991209083140.A7509@atdot.dotat.org>
In-Reply-To: <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com>; from scott@computeralt.com on Wed, Dec 08, 1999 at 04:51:11PM -0500

On Wed, Dec 08, 1999 at 04:51:11PM -0500, Scott I. Remick wrote:

 > I know that's what firewalls are for, and that's why I'm working on
 > one.  Holdup is time-constraints and red-tape and corporate politics and
 > screwed up priorities and so on, so let's just leave it that the firewall
 > is coming but is not here yet (if you remember back, this is the company
 > that wants to use MS Proxy).

heheh.  That's probably why you're being attacked :-)

 > So how does one protect themselves against such an attack?  I have an
 > Ascend Pipeline 50 router which I'm trying to sort out from the manuals a
 > way to use its filters and how it behaves if rules overlap (what I'm
 > thinking is trying to find a way to block all incoming UDP packets EXCEPT
 > the type which are known to be good).

Get a FreeBSD box with two ethernet interfaces.  Enable ipfw.  Start
with rules that look like this:

    ipfw add pass udp from any GOODPORT to any in via OUTSIDE-INTERFACE
    ipfw add deny udp from any to any in via OUTSIDE-INTERFACE
    ipfw add pass all from any to any

Of course, the ruleset you end up with will be more comprehensive than
that, but it should give you an idea.  Look at /etc/rc.firewall for
more info.

Alternatively buy a Cisco -- Ascends are toy routers, IMHO, with
somewhat limited packet filtering abilities.

    - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----
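
An added example, not part of the message above and not code from its author: a small Python model of how ipfw resolves the three overlapping rules (the first matching rule decides the packet). It assumes GOODPORT is 53 and uses the hypothetical interface names ed0 (outside) and ed1 (inside); the sample packets are constructed.

```python
from collections import namedtuple

# Assumed stand-ins for the placeholders in the message (not from the post).
GOODPORT = 53      # GOODPORT
OUTSIDE = "ed0"    # OUTSIDE-INTERFACE
INSIDE = "ed1"     # the second ethernet interface

Packet = namedtuple("Packet", "proto sport dport iface direction")
Rule = namedtuple("Rule", "action proto sport iface direction")

# Same order as the three ipfw commands; None means "any".
RULES = [
    Rule("pass", "udp", GOODPORT, OUTSIDE, "in"),
    Rule("deny", "udp", None, OUTSIDE, "in"),
    Rule("pass", "all", None, None, None),
]

def matches(rule, pkt):
    """True when every field the rule constrains equals the packet's field."""
    return (rule.proto in ("all", pkt.proto)
            and rule.sport in (None, pkt.sport)
            and rule.iface in (None, pkt.iface)
            and rule.direction in (None, pkt.direction))

def evaluate(pkt, rules=RULES):
    """First match wins: return (rule position, action) and stop searching."""
    for pos, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return pos, rule.action
    return None, "default-rule"  # not reached here: rule 3 matches everything

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "udp reply from GOODPORT, inbound outside": Packet("udp", 53, 1024, OUTSIDE, "in"),
    "other udp, inbound outside": Packet("udp", 4000, 2049, OUTSIDE, "in"),
    "tcp, inbound outside": Packet("tcp", 4000, 25, OUTSIDE, "in"),
    "udp leaving via outside": Packet("udp", 1024, 53, OUTSIDE, "out"),
    "udp arriving on inside": Packet("udp", 4000, 2049, INSIDE, "in"),
    # Rule 1 constrains only the source port; the destination port is unchecked.
    "udp from GOODPORT to another port": Packet("udp", 53, 2049, OUTSIDE, "in"),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:40s} -> rule {evaluate(pkt)[0]}: {evaluate(pkt)[1]}")
    # Swapping rules 1 and 2 makes the broad deny shadow the narrow pass.
    swapped = [RULES[1], RULES[0], RULES[2]]
    print("swapped order:", evaluate(SAMPLES["udp reply from GOODPORT, inbound outside"], swapped))
```

Because rule 1 is stateless and keys on the source port alone, a more comprehensive ruleset would also constrain the destination address and port for the traffic that is known to be good.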