Date: Fri, 10 Jan 2003 21:31:41 -0800 (PST) From: Josh Brooks <user@mail.econolodgetulsa.com> To: "."@babolo.ru Cc: freebsd-net@freebsd.org Subject: Re: What is my next step as a script kiddie ? (DDoS) Message-ID: <20030110213122.C78856-100000@mail.econolodgetulsa.com> In-Reply-To: <1042260446.806267.9734.nullmailer@cicuta.babolo.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
What would you run on a different server to do traffic estimation ? How would you do such a thing ? thanks. On Sat, 11 Jan 2003 .@babolo.ru wrote: > > Well, my "router" is the freebsd machine - celeron 500 and 256 megs. > > > > Where would you suggest doing bandwidth counts for all of my IPs if I > > don't use ipfw count rules at the firewall/router ? > I use argus. > It is not so comfortable for traffic accounting. > It is used for the second role - traffic auditing too. > > And see - trafic estimation is not router's job. > Use separate server, and remember, that traffic calculation > can be huge under attack. > > > And also thank you very much - I am very happy to hear that you think a > > freebsd firewall/router will not be easy to break if it is not allowing > > things to ports on the servers behind it that are not valid... > Sorry, I know English bad and do not understant > your last line above. > > > On Sat, 11 Jan 2003 .@babolo.ru wrote: > > > > > IMHO it is almoust impossible to touch > > > properly configured router without > > > open services on it. > .. > > > Optimize ipfw for speed, do not > > > use it for count - and only > > > mistakes lead to crash. > > > > > > It seems your router is powerful enough for > > > your circumstances > > > > > > Servers are another thing however... :-(( > > > > > > > Ok, understood - but the point is, at some point the attackers are going > > > > to realize that their syn floods are no longer hurting me ... and > > > > regardless of what they conclude from this, what is the standard "next > > > > step" ? If they are just flooders/packeteers, what do they graduate to > > > > when syn floods no longer do the job ? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030110213122.C78856-100000>