Date: Wed, 08 Dec 1999 17:22:04 -0500
From: "Scott I. Remick" <scott@computeralt.com>
To: freebsd-security@FreeBSD.ORG
Subject: Re: What kind of attack is this?
Message-ID: <4.2.2.19991208171410.00aa4db0@mail.computeralt.com>
In-Reply-To: <19991209083140.A7509@atdot.dotat.org>
References: <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com> <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com>

At 08:31 AM 12/9/99 +1030, Mark Newton wrote:
>Get a FreeBSD box with two ethernet interfaces.  Enable ipfw.  Start
>with rules that look like this:
>
>    ipfw add pass udp from any GOODPORT to any in via OUTSIDE-INTERFACE
>    ipfw add deny udp from any to any in via OUTSIDE-INTERFACE
>    ipfw add pass all from any to any
>
>Of course, the ruleset you end up with will be more comprehensive
>than that, but it should give you an idea.  Look at /etc/rc.firewall
>for more info.

Yeah, I understand all that, believe it or not :). I actually have the system built up partway (FreeBSD 3.3, 2 NICs working, ssh the only service, firewall built into kernel, etc) but it's not quite so easy to just drop it into place. I need to get everyone off static IP and onto DHCP so I can then chop up our class C into subnets so we can actually do routing, then move some servers' IPs around so they end up in the proper subnets, and I even want to drop in a 3rd NIC and have a 3-homed host. But things that involve change and aren't Microsoft solutions move at a snail's pace around here... but I digress...

I am hoping to figure out a way to do exactly that with the Pipeline. I actually have a bunch of filters on it that I already created but they don't overlap the way these do and I'm unclear whether the Pipeline will interpret these filters the way I need it to. But your first 2 rules are exactly what I had in mind, and I know how to do them... I suppose I could just put them in place and see if it works.

>Alternatively buy a Cisco -- Ascends are toy routers, IMHO, with
>somewhat limited packet filtering abilities.

They won't be doing that anytime soon. As it was, I had to obtain a no-cost system using loose used inventory so that I could build up the FreeBSD box destined to be a firewall. What I'm hoping for is a temporary band-aid solution for this one particular event, and to understand the type of attack better, and also nail the jerk and have his toys taken away from him.

-----------------------
Scott I. Remick                  scott@computeralt.com
Network and Information          (802)388-7545 ext. 236
Systems Manager                  FAX:(802)388-3697
Computer Alternatives, Inc.      http://www.computeralt.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
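
The first two quoted rules overlap, and they only do what is intended because ipfw stops at the first rule that matches a packet. The following is an added example, not part of the original thread: a small Python model of that first-match evaluation, run over constructed packets with the quoted order and with the first two rules swapped. The value 53 for GOODPORT and the interface names ed0/ed1 are assumptions standing in for the placeholders in the quoted rules.

```python
from dataclasses import dataclass
from typing import List, Optional

GOODPORT = 53      # assumption: stand-in for the GOODPORT placeholder
OUTSIDE = "ed0"    # assumption: stand-in for OUTSIDE-INTERFACE
INSIDE = "ed1"     # assumption: the second NIC

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    iface: str
    direction: str   # "in" or "out"

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "deny"
    proto: str                       # "udp", "tcp" or "all"
    src_port: Optional[int] = None   # None means "any"
    direction: Optional[str] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("all", p.proto)
                and self.src_port in (None, p.src_port)
                and self.direction in (None, p.direction)
                and self.iface in (None, p.iface))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule (first match wins)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # ipfw's built-in last rule denies unless built to accept

# The three quoted rules, in the quoted order.
QUOTED = [Rule("pass", "udp", GOODPORT, "in", OUTSIDE),
          Rule("deny", "udp", None, "in", OUTSIDE),
          Rule("pass", "all")]
# Same rules with the first two swapped: the broad deny now shadows the pass.
SWAPPED = [QUOTED[1], QUOTED[0], QUOTED[2]]

# Constructed sample packets.
SAMPLES = [Packet("udp", GOODPORT, OUTSIDE, "in"),   # wanted UDP replies
           Packet("udp", 40000, OUTSIDE, "in"),      # other inbound UDP
           Packet("tcp", 40000, OUTSIDE, "in"),      # non-UDP traffic
           Packet("udp", 40000, INSIDE, "in")]       # UDP from the inside net

def decisions(rules: List[Rule]) -> List[str]:
    return [evaluate(rules, p) for p in SAMPLES]

if __name__ == "__main__":
    print("quoted :", decisions(QUOTED))
    print("swapped:", decisions(SWAPPED))
```

A filter engine that does not evaluate in strict first-match order would give the swapped result for the wanted UDP traffic, which is the behaviour worth confirming on any device before relying on overlapping filters.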