From owner-freebsd-questions Tue Apr 17 10:19:21 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from hotmail.com (f134.law11.hotmail.com [64.4.17.134])
    by hub.freebsd.org (Postfix) with ESMTP id 0116E37B424
    for ; Tue, 17 Apr 2001 10:19:20 -0700 (PDT)
    (envelope-from t403403@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
    Tue, 17 Apr 2001 10:19:19 -0700
Received: from 12.68.199.120 by lw11fd.law11.hotmail.msn.com with HTTP;
    Tue, 17 Apr 2001 17:19:19 GMT
X-Originating-IP: [12.68.199.120]
From: "Terry Witherspoon"
To: questions@freebsd.org
Subject: Avoiding denial of service.
Date: Tue, 17 Apr 2001 12:19:19 -0500
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID:
X-OriginalArrivalTime: 17 Apr 2001 17:19:19.0835 (UTC) FILETIME=[89C2EEB0:01C0C762]
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

I've built several name servers running BIND 8.2.3. I allow SSL
connections to port 800 on each where I'm running a web server.

I'd like to avoid denial of service on the name servers. There are
already DOS attacks in neighboring networks but as yet they've not
hit me. I have been portscanned a couple of times. I've a Cisco
router with an access list for port 800.

What knobs can I change to reduce impact of DOS?

I do not manage the Cisco but the network guy would implement any
acl I ask for. Should I do something there too?

These are important servers for maybe 10,000 users.

Thanks for any advice,

TW