[Tfug] DDoS

Scott Fuller tfug@tfug.org
Thu Jul 11 13:20:01 2002 

Patirck,

I don't mean to make you look like a newbie... You probably know more than I
do when it comes to FreeBSD :)  You might want to check this site out also.
It's just some very basic FreeBSD security things you can do

http://people.freebsd.org/~jkb/howto.html

There is also this page...

http://www.daemonnews.org/200108/security-howto.html

I can't remember off the top of my head the sysctl command to turn on black
holing without rebooting... Maybe if Bill or someone is on the list they can
jump in :)

--Scott Fuller


----- Original Message -----
From: "Patrick Hollins" <Patrick@hollins.net>
To: <tfug@tfug.org>
Sent: Thursday, July 11, 2002 3:50 PM
Subject: Re: [Tfug] DDoS


> Ryan,
>
> Thank you for the advise!  I did not know of the blackhole setting.
>
> Patrick
>
> Ryan Mansager wrote:
>
> >  having
> >
> >  options         ICMP_BANDLIM
> >
> >  in your kernel will help and:
> >
> >  sysctl net.inet.udp.blackhole=1
> >
> >  will silently drop all udp datagrams destined for unbound ports
> >  (ie, not sending icmp responses back). -r
> >
> > On Thu, 11 Jul 2002, Patrick Hollins wrote:
> >
> > > Hi,
> > >
> > > First time poster, short time lurker (just signed up!).
> > >
> > > I run FreeBSD 4.4 and have been under attack since Saturday from a
Distributed
> > > Denial of Service Attack.  Hundreds of IP's are sending UDP port 2001
packets at
> > > me, and my machine returns ICMP packets back to them at alarming
rates.  It
> > > quickly saturates my DSL link (with downlink speed twice as fast as
uplink, you
> > > *really* get hammered).
> > >
> > > A one line entry in the router filter table stops the insanity.
> > >
> > > My questions to the group:
> > >
> > > Has anyone else been subjected to this?
> > >
> > > Is this an old hack I should know about?
> > >
> > > I have no listeners on port 2001 (netstat -a) , why would the OS
respond?
> > >
> > > Thanks for any insight.
> > >
> > > Patrick
> > >
> > > _______________________________________________
> > > tfug mailing list
> > > tfug@tfug.org
> > > http://www.tfug.org/mailman/listinfo/tfug
> > _______________________________________________
> > tfug mailing list
> > tfug@tfug.org
> > http://www.tfug.org/mailman/listinfo/tfug
>
> _______________________________________________
> tfug mailing list
> tfug@tfug.org
> http://www.tfug.org/mailman/listinfo/tfug
>