[Tfug] DDoS

Ryan Mansager tfug@tfug.org
Thu Jul 11 12:17:01 2002


Having

 options         ICMP_BANDLIM

in your kernel will help, and:

 sysctl net.inet.udp.blackhole=1

will silently drop all UDP datagrams destined for unbound ports
(i.e., not sending ICMP responses back). -r


On Thu, 11 Jul 2002, Patrick Hollins wrote:

> Hi,
> 
> First time poster, short time lurker (just signed up!).
> 
> I run FreeBSD 4.4 and have been under attack since Saturday from a Distributed
> Denial of Service Attack.  Hundreds of IPs are sending UDP port 2001 packets at
> me, and my machine returns ICMP packets back to them at alarming rates.  It
> quickly saturates my DSL link (with downlink speed twice as fast as uplink, you
> *really* get hammered).
> 
> A one line entry in the router filter table stops the insanity.
> 
> My questions to the group:
> 
> Has anyone else been subjected to this?
> 
> Is this an old hack I should know about?
> 
> I have no listeners on port 2001 (netstat -a), why would the OS respond?
> 
> Thanks for any insight.
> 
> Patrick
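Added example, not part of either message: a simplified Python model (not FreeBSD kernel code) of why a host with no listener on port 2001 still generates outbound traffic, and how the two settings in the reply change that. The function names, the 100 replies-per-second limit, the 1000 packets-per-second flood and the bound port 53 are constructed values for illustration.

```python
# Added illustration: a simplified model, not FreeBSD kernel code.
from collections import Counter

# Size of one ICMP port-unreachable at the IP layer, no IP options:
# IP header (20) + ICMP header (8) + quoted IP header (20) + 8 quoted data bytes.
ICMP_UNREACH_BYTES = 56

def closed_port_model(arrivals, bound_ports, icmplim=None, blackhole=False):
    """Count what a host does with each (timestamp_seconds, dst_port) UDP arrival.

    icmplim   -- ICMP replies allowed per second (models ICMP_BANDLIM); None = no limit
    blackhole -- True models net.inet.udp.blackhole=1
    """
    per_second = Counter()
    stats = {"delivered": 0, "icmp_sent": 0, "rate_limited": 0, "blackholed": 0}
    for ts, port in arrivals:
        if port in bound_ports:
            stats["delivered"] += 1      # a listener exists, no ICMP error
        elif blackhole:
            stats["blackholed"] += 1     # dropped silently, nothing sent back
        elif icmplim is not None and per_second[int(ts)] >= icmplim:
            stats["rate_limited"] += 1   # over this second's budget, reply suppressed
        else:
            per_second[int(ts)] += 1
            stats["icmp_sent"] += 1      # port unreachable goes out the uplink
    peak = max(per_second.values(), default=0)
    stats["peak_uplink_bps"] = peak * ICMP_UNREACH_BYTES * 8
    return stats

def constructed_flood(seconds=3, pps=1000, closed_port=2001, bound_port=53):
    """Constructed sample: pps datagrams/s to a closed port, one/s to a bound port."""
    arrivals = []
    for s in range(seconds):
        arrivals.append((float(s), bound_port))
        arrivals.extend((s + i / pps, closed_port) for i in range(pps))
    return arrivals

if __name__ == "__main__":
    flood = constructed_flood()
    for label, kwargs in [("no mitigation", {}),
                          ("ICMP_BANDLIM, 100/s", {"icmplim": 100}),
                          ("udp.blackhole=1", {"blackhole": True})]:
        print(f"{label:22} {closed_port_model(flood, {53}, **kwargs)}")
```

In this model the rate limit caps the outbound ICMP volume while the blackhole setting removes it entirely; in neither case is the inbound flood itself reduced, which is what the router filter entry addresses.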