Date: Tue, 09 May 2000 13:43:58 +0200 (MET DST)
From: Tobias Roth <roth@iamexwi.unibe.ch>
To: FreeBSD-questions@FreeBSD.ORG
Subject: my first dos attack
Message-ID: <Pine.GSO.4.10.10005091328010.8518-100000@warhol>
In-Reply-To: <20000506000205.44FD837BD16@hub.freebsd.org>
Hello

So I put up my server two weeks ago and it already happened: I got dos attacked. The reason for this is probably that my box runs an ircd, besides a webserver, popserver and mta. I must have been rude to someone on the ircnetwork :)

However, this is how my logs looked:

May 9 12:03:06 mybox /kernel: icmp redirect from 203.169.158.145: 203.169.158.151 => 203.169.158.151
May 9 12:03:06 mybox iplog[89103]: ICMP: (203.169.158.151) redirect 203.169.158.145 to network 203.169.158.151

Those IPs are not from inside my ISP's domain. I received about a hundred of those packets in a very short time, then everything stopped.

Before that, I received a few telnet connection attempts from various places. I don't think this is related, but I mention it anyway.

I run a two-week-old 4.0 STABLE with the following kernel options:

options TCP_RESTRICT_RST #restrict emission of TCP RST
options ICMP_BANDLIM #Rate limit bad replies

I have TCP_DROP_SYNFIN not enabled because in LINT it says that this is not recommended for webservers.

So, should I be worried about that? Should I do anything else than maybe change my behaviour on irc? Should I just drop that route for good? Should I try to find out who is responsible for that and make a complaint? If so, how?

Thanks for help,
Tobe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
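
An added example, not part of the original message: a small Python triage script that parses kernel "icmp redirect from" lines in the format quoted above and reports senders that are not known gateways and exceed a burst threshold. The function names, the window and threshold values, the trusted gateway 192.0.2.1 and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Kernel line format as quoted in the message. The iplog line records the
# same packet, so it is deliberately not matched to avoid double counting.
KERNEL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+/kernel:\s+"
    r"icmp redirect from (?P<sender>[\d.]+):\s+(?P<dst>[\d.]+)\s+=>\s+(?P<gw>[\d.]+)"
)

def parse_redirects(lines, year=2000):
    """Return (timestamp, sender, destination, new_gateway) per redirect line."""
    events = []
    for line in lines:
        m = KERNEL_RE.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["sender"], m["dst"], m["gw"]))
    return events

def find_bursts(events, trusted_gateways=(), window=timedelta(seconds=10), threshold=50):
    """Map each untrusted sender to its peak redirect count within `window`."""
    by_sender = defaultdict(list)
    for ts, sender, _dst, _gw in events:
        by_sender[sender].append(ts)
    flagged = {}
    for sender, times in by_sender.items():
        if sender in trusted_gateways:
            continue
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[sender] = peak
    return flagged

# Constructed sample: 100 redirects within two seconds from the sender seen in
# the message, 3 from a hypothetical legitimate gateway, and one iplog line.
SAMPLE = [
    f"May  9 12:03:{6 + i // 50:02d} mybox /kernel: icmp redirect from "
    "203.169.158.145: 203.169.158.151 => 203.169.158.151" for i in range(100)
] + ["May  9 12:05:00 mybox /kernel: icmp redirect from 192.0.2.1: 198.51.100.7 => 192.0.2.254"] * 3 \
  + ["May  9 12:03:06 mybox iplog[89103]: ICMP: (203.169.158.151) redirect 203.169.158.145 to network 203.169.158.151"]

if __name__ == "__main__":
    print(find_bursts(parse_redirects(SAMPLE), trusted_gateways={"192.0.2.1"}))
```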