[Tfug] DDoS
Patrick Hollins
tfug@tfug.org
Thu Jul 11 13:59:01 2002
Scott,
You are providing useful information very relevant to my questions, so you are
entitled to call me whatever you want!
This server was my first stab at FreeBSD. I threw it up last October and have
not had a single problem with it. So less than 1 year with FreeBSD makes me a
newbie. No problem for me. I claim the title!! :-)
A few things in the daemonnews.org link look very useful. Thanks!
I will keep the router solution in place as it keeps the traffic out of my net.
It's getting to be that even shitty little nets like mine need an industrial
strength firewall... Sounds like a worthy project to me. I need to get my kids
interested in Firewalls so we can spend some quality family time together!
Thanks again to all,
Patrick
Scott Fuller wrote:
> Patrick,
>
> I don't mean to make you look like a newbie... You probably know more than I
> do when it comes to FreeBSD :) You might want to check this site out also.
> It's just some very basic FreeBSD security things you can do
>
> http://people.freebsd.org/~jkb/howto.html
>
> There is also this page...
>
> http://www.daemonnews.org/200108/security-howto.html
>
> I can't remember off the top of my head the sysctl command to turn on black
> holing without rebooting... Maybe if Bill or someone is on the list they can
> jump in :)
>
> --Scott Fuller
>
> ----- Original Message -----
> From: "Patrick Hollins" <Patrick@hollins.net>
> To: <tfug@tfug.org>
> Sent: Thursday, July 11, 2002 3:50 PM
> Subject: Re: [Tfug] DDoS
>
> > Ryan,
> >
> > Thank you for the advice! I did not know of the blackhole setting.
> >
> > Patrick
> >
> > Ryan Mansager wrote:
> >
> > > having
> > >
> > > options ICMP_BANDLIM
> > >
> > > in your kernel will help and:
> > >
> > > sysctl net.inet.udp.blackhole=1
> > >
> > > will silently drop all udp datagrams destined for unbound ports
> > > (ie, not sending icmp responses back). -r
> > >
> > > On Thu, 11 Jul 2002, Patrick Hollins wrote:
> > >
> > > > Hi,
> > > >
> > > > First time poster, short time lurker (just signed up!).
> > > >
> > > > I run FreeBSD 4.4 and have been under attack since Saturday from a Distributed
> > > > Denial of Service Attack. Hundreds of IP's are sending UDP port 2001 packets at
> > > > me, and my machine returns ICMP packets back to them at alarming rates. It
> > > > quickly saturates my DSL link (with downlink speed twice as fast as uplink, you
> > > > *really* get hammered).
> > > >
> > > > A one line entry in the router filter table stops the insanity.
> > > >
> > > > My questions to the group:
> > > >
> > > > Has anyone else been subjected to this?
> > > >
> > > > Is this an old hack I should know about?
> > > >
> > > > I have no listeners on port 2001 (netstat -a), why would the OS respond?
> > > >
> > > > Thanks for any insight.
> > > >
> > > > Patrick
> > > >
> > > > _______________________________________________
> > > > tfug mailing list
> > > > tfug@tfug.org
> > > > http://www.tfug.org/mailman/listinfo/tfug
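
As an added example (not part of the original thread), the Python sketch below tallies a capture for the pattern described in the first post: many sources sending UDP to a port with no listener, and the host answering each datagram with ICMP port-unreachable. The sample lines are constructed in the style of `tcpdump -n` output; the addresses, function names and the `min_sources` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modeled on `tcpdump -n` output. Addresses come from
# documentation ranges; 192.0.2.10 stands in for the attacked host.
SAMPLE = """\
13:59:01.000101 IP 198.51.100.7.40112 > 192.0.2.10.2001: UDP, length 64
13:59:01.000140 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 udp port 2001 unreachable, length 36
13:59:01.000202 IP 198.51.100.8.51000 > 192.0.2.10.2001: UDP, length 64
13:59:01.000241 IP 192.0.2.10 > 198.51.100.8: ICMP 192.0.2.10 udp port 2001 unreachable, length 36
13:59:01.000305 IP 203.0.113.5.33333 > 192.0.2.10.2001: UDP, length 64
13:59:01.000344 IP 192.0.2.10 > 203.0.113.5: ICMP 192.0.2.10 udp port 2001 unreachable, length 36
13:59:01.000410 IP 203.0.113.9.1025 > 192.0.2.10.2001: UDP, length 64
13:59:01.000449 IP 192.0.2.10 > 203.0.113.9: ICMP 192.0.2.10 udp port 2001 unreachable, length 36
13:59:01.000500 IP 203.0.113.20.5353 > 192.0.2.10.53: UDP, length 40
13:59:01.000600 IP 203.0.113.30.4000 > 192.0.2.10.9999: UDP, length 20
13:59:01.000640 IP 192.0.2.10 > 203.0.113.30: ICMP 192.0.2.10 udp port 9999 unreachable, length 36
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
UDP_IN = re.compile(rf"IP {IPV4}\.\d+ > {IPV4}\.(\d+): UDP, length \d+")
ICMP_OUT = re.compile(rf"IP {IPV4} > \S+: ICMP \S+ udp port (\d+) unreachable")

def summarize(capture, host):
    """Per destination port on `host`: inbound UDP and the ICMP it provoked."""
    ports = defaultdict(lambda: {"sources": set(), "udp_in": 0, "icmp_out": 0})
    for line in capture.splitlines():
        m = UDP_IN.search(line)
        if m and m.group(2) == host:           # datagram addressed to our host
            entry = ports[int(m.group(3))]
            entry["sources"].add(m.group(1))
            entry["udp_in"] += 1
            continue
        m = ICMP_OUT.search(line)
        if m and m.group(1) == host:           # our host replying "unreachable"
            ports[int(m.group(2))]["icmp_out"] += 1
    return ports

def flooded_closed_ports(capture, host, min_sources=3):
    """Ports hit by many distinct sources that the host answers with ICMP."""
    return sorted(port for port, e in summarize(capture, host).items()
                  if len(e["sources"]) >= min_sources and e["icmp_out"] > 0)

if __name__ == "__main__":
    stats = summarize(SAMPLE, "192.0.2.10")
    for port in flooded_closed_ports(SAMPLE, "192.0.2.10"):
        e = stats[port]
        print(f"udp/{port}: {len(e['sources'])} sources, "
              f"{e['udp_in']} datagrams in, {e['icmp_out']} ICMP unreachable out")
```

With `net.inet.udp.blackhole=1` set as suggested in the thread, the outbound ICMP lines no longer appear in such a capture, so the port stops being flagged even though the inbound datagrams continue.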