Well, my "router" is the freebsd machine - celeron 500 and 256 megs.

Where would you suggest doing bandwidth counts for all of my IPs if I don't use ipfw count rules at the firewall/router ? And also thank you very much - I am very happy to hear that you think a freebsd firewall/router will not be easy to break if it is not allowing things to ports on the servers behind it that are not valid...

On Sat, 11 Jan 2003 [EMAIL PROTECTED] wrote:

> IMHO it is almost impossible to touch
> properly configured router without
> open services on it.
>
> I have a great experience of wars with above
> 3000 users of my nets over ethernet.
>
> Every my loss was for hardware error
> of switch or ethernet port
> or configuration error.
>
> Optimize ipfw for speed, do not
> use it for count - and only
> mistakes lead to crash.
>
> It seems your router is powerful enough for
> your circumstances
>
> Servers are another thing however... :-((
>
> > Ok, understood - but the point is, at some point the attackers are going
> > to realize that their syn floods are no longer hurting me ... and
> > regardless of what they conclude from this, what is the standard "next
> > step" ? If they are just flooders/packeteers, what do they graduate to
> > when syn floods no longer do the job ?
> >
> > thanks!
> >
> > On Fri, 10 Jan 2003, Jess Kitchen wrote:
> >
> > > On Fri, 10 Jan 2003, Josh Brooks wrote:
> > >
> > > > My goal is to protect my FreeBSD firewall. As I mentioned, now that I
> > > > have closed off everything to the victim except the ports he is actually
> > > > running services on, everything is great! The firewall is just fine -
> > > > even during a big syn flood, because it just drops all the packets that
> > > > aren't going to legitimate ports.
> > > >
> > > > So my question is, what will they do next ? When they nmap the victim and
> > > > they see all the ports are closed, what will they move to then ?
> > >
> > > Josh,
> > >
> > > If your firewall is correctly dropping packets they won't see closed ports
> > > at all, unless you are sending tcp resets for everything (which would be
> > > silly heh)
> > >
> > > Have you had a look at man blackhole yet? That usually proves to be quite
> > > a pain when running generic-ish stuff along the lines of -sS -F or
> > > whatever.
> > >
> > > Cheers,
> > > J.
> > >
> > > --
> > > Jess Kitchen <[EMAIL PROTECTED]>
> > > http://www.burstfire.net/
> > >
> > >
> > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > with "unsubscribe freebsd-net" in the body of the message
> >
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
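The two defensive points made in this thread are that the firewall should silently drop everything aimed at a server except the ports it really serves (so a scan sees no closed ports at all) and that the router itself should be set to blackhole traffic to unused ports rather than answer with resets. The script below is an added illustration of that ruleset shape, not configuration from anyone in the thread: it prints the ipfw(8) commands and the blackhole(4) sysctls for a server behind the router instead of applying them, so it runs anywhere. The server address 192.0.2.10, the interface name fxp0 and the port list are constructed placeholder values.

```shell
# Added example, not from the thread: generate an ipfw ruleset that admits
# new connections only to a server's real service ports and drops the rest
# silently, plus the blackhole sysctls for the router's own stack.
# Everything is echoed, nothing is applied; review before running for real.

SRV="192.0.2.10"       # constructed: address of the protected server
EXT_IF="fxp0"          # constructed: router's outside interface
PORTS="22 80 443"      # constructed: ports the server actually listens on

# gen_ruleset <server-ip> <interface> "<ports>"
gen_ruleset() {
    srv="$1"; iface="$2"; ports="$3"
    n=1000
    # Let already-established TCP flows through on the outside interface.
    echo "ipfw add $n allow tcp from any to any established via $iface"
    n=$((n + 10))
    # New connections (SYN only, 'setup') are accepted solely on listed ports.
    for p in $ports; do
        echo "ipfw add $n allow tcp from any to $srv $p in via $iface setup"
        n=$((n + 10))
    done
    # Anything else destined for the server is dropped, not rejected: 'deny'
    # sends no RST or ICMP unreachable, so a port scan sees only silence.
    echo "ipfw add $n deny ip from any to $srv in via $iface"
}

# Sysctls from blackhole(4): make the router itself drop segments/datagrams
# to ports with no listener instead of answering them (2 = drop all TCP
# segments to closed ports, 1 = drop UDP datagrams to closed ports).
blackhole_sysctls() {
    echo "sysctl net.inet.tcp.blackhole=2"
    echo "sysctl net.inet.udp.blackhole=1"
}

# Helper used to sanity-check the generated ruleset: number of allow rules.
count_allow_rules() {
    gen_ruleset "$@" | grep -c ' allow tcp '
}

gen_ruleset "$SRV" "$EXT_IF" "$PORTS"
blackhole_sysctls
```

The rule numbering leaves gaps of ten so accounting or logging rules can be slotted in later without renumbering; note that, as the thread advises, no `count` rules are placed in the fast path here.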