[Tfug] DDoS

Patrick Hollins tfug@tfug.org
Thu Jul 11 12:51:01 2002


Ryan,

Thank you for the advice!  I did not know of the blackhole setting.

Patrick

Ryan Mansager wrote:

>  having
>
>  options         ICMP_BANDLIM
>
>  in your kernel will help and:
>
>  sysctl net.inet.udp.blackhole=1
>
>  will silently drop all udp datagrams destined for unbound ports
>  (ie, not sending icmp responses back). -r
>
> On Thu, 11 Jul 2002, Patrick Hollins wrote:
>
> > Hi,
> >
> > First time poster, short time lurker (just signed up!).
> >
> > I run FreeBSD 4.4 and have been under attack since Saturday from a Distributed
> > Denial of Service Attack.  Hundreds of IPs are sending UDP port 2001 packets at
> > me, and my machine returns ICMP packets back to them at alarming rates.  It
> > quickly saturates my DSL link (with downlink speed twice as fast as uplink, you
> > *really* get hammered).
> >
> > A one line entry in the router filter table stops the insanity.
> >
> > My questions to the group:
> >
> > Has anyone else been subjected to this?
> >
> > Is this an old hack I should know about?
> >
> > I have no listeners on port 2001 (netstat -a), why would the OS respond?
> >
> > Thanks for any insight.
> >
> > Patrick
> >
> > _______________________________________________
> > tfug mailing list
> > tfug@tfug.org
> > http://www.tfug.org/mailman/listinfo/tfug
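
Added example, not part of the original thread: a Python sketch that tallies the pattern described above (UDP datagrams to unbound port 2001 and the ICMP port-unreachable replies they trigger) from tcpdump-style text, then models how many replies leave the host with no mitigation, with a per-second cap standing in for ICMP_BANDLIM, and with net.inet.udp.blackhole=1. The capture lines, addresses, function names and the cap value of 2 are constructed assumptions, and the per-second cap is a simplified model of rate limiting.

```python
import re
from collections import Counter

# Constructed tcpdump-style sample using documentation addresses; not from the thread.
CAPTURE = """\
12:51:01.100000 IP 203.0.113.5.40001 > 192.0.2.10.2001: UDP, length 32
12:51:01.100090 IP 192.0.2.10 > 203.0.113.5: ICMP 192.0.2.10 udp port 2001 unreachable, length 36
12:51:01.200000 IP 198.51.100.7.40002 > 192.0.2.10.2001: UDP, length 32
12:51:01.200085 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 udp port 2001 unreachable, length 36
12:51:01.300000 IP 203.0.113.9.40003 > 192.0.2.10.2001: UDP, length 32
12:51:01.300080 IP 192.0.2.10 > 203.0.113.9: ICMP 192.0.2.10 udp port 2001 unreachable, length 36
12:51:02.100000 IP 203.0.113.5.40001 > 192.0.2.10.2001: UDP, length 32
12:51:02.100075 IP 192.0.2.10 > 203.0.113.5: ICMP 192.0.2.10 udp port 2001 unreachable, length 36
12:51:02.400000 IP 192.0.2.10.53124 > 198.51.100.53.53: UDP, length 40
"""

# Inbound UDP: time, source address, destination address, destination port.
UDP_IN = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ IP (\S+)\.\d+ > (\S+)\.(\d+): UDP, length \d+")
# Outbound ICMP port unreachable: time, sender, recipient, port that was closed.
ICMP_OUT = re.compile(
    r"^(\d\d:\d\d:\d\d)\.\d+ IP (\S+) > (\S+): ICMP \S+ udp port (\d+) unreachable")


def summarize(capture, host, port):
    """Count datagrams hitting host:port and the unreachable replies host sends back."""
    probes, replies, sources = Counter(), Counter(), set()
    for line in capture.splitlines():
        m = UDP_IN.match(line)
        if m and m.group(3) == host and int(m.group(4)) == port:
            probes[m.group(1)] += 1      # keyed by the second of arrival
            sources.add(m.group(2))
            continue
        m = ICMP_OUT.match(line)
        if m and m.group(2) == host and int(m.group(4)) == port:
            replies[m.group(1)] += 1
    return {"probes": probes, "replies": replies, "sources": sources}


def replies_sent(probes_per_second, limit=None, blackhole=False):
    """Replies leaving the host: none when blackholed, capped per second when limited."""
    if blackhole:
        return 0
    return sum(n if limit is None else min(n, limit)
               for n in probes_per_second.values())


if __name__ == "__main__":
    s = summarize(CAPTURE, "192.0.2.10", 2001)
    print("sources:", len(s["sources"]), "probes:", dict(s["probes"]))
    print("no mitigation:", replies_sent(s["probes"]))
    print("capped at 2/s:", replies_sent(s["probes"], limit=2))
    print("blackhole:", replies_sent(s["probes"], blackhole=True))
```
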