At 08:56 AM 5/29/03 +0700, ius wrote:
>
>> yup, I have experienced that; is there anything effective to reduce or
>> ward off such attacks
>
>Refuse responding to broadcasts request
>
>As for the ping request, it's also important to disable broadcast
>requests. When a packet is sent to an IP broadcast address (i.e.
>192.168.1.255) from a machine on the local network, that packet is
>delivered to all machines on that network. Then all the machines on a
>network respond to this ICMP echo request and the result can be severe
>network congestion or outages DOS (Denial-of-Service attacks). See the
>RFC 2644 for more information.
>
>Step 1
>
>Edit the sysctl.conf file (vi /etc/sysctl.conf) and add the following line:
>
># Enable ignoring broadcasts request
>net.ipv4.icmp_echo_ignore_broadcasts = 1
>
>Step 2
>
>Once the configuration has been set, you must restart your network for the
>change to take effect.
>The command to restart the network is the following:
>To restart all networks devices manually on your system, use the following
>command:
>
>[EMAIL PROTECTED] /]# /etc/rc.d/init.d/network restart
>

That is one way to keep our network from responding to broadcast requests, but it does not stop a flood attack coming from outside. In other words: besides controlling our own network (e.g. which packets may enter, which packets must be answered and how to answer them), we also have to make the flood/attack stop being sent (because otherwise, as Bung Yulian F. said, the flood can still dominate the bandwidth pipe coming into our server/network). And that is outside (the control of) our network. The route, I think, is to notify our ISP so that the flood/attack packets to our network are stopped, and the ISP will then notify or trace to its upstream.

Regards,
Rudy
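
Added example, not part of the original messages: a POSIX shell check that the setting from Step 1 is both written to the file and active in the running kernel, since editing the file alone changes nothing until it is applied (Step 2). The function names, the status words and the optional second argument are assumptions made for this example.

```shell
#!/bin/sh
KEY="net.ipv4.icmp_echo_ignore_broadcasts"
PROC="/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts"

# Print the value a sysctl.conf-style file assigns to $KEY (empty if unset).
# Comment lines start with '#' or ';', spaces around '=' are ignored,
# and the last assignment in the file wins.
conf_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val)
            if (name == key) found = val
        }
        END { print found }
    ' "$1"
}

# audit CONF [PROCFILE]: print one status word.
#   ok            file says 1 and the running kernel value is 1
#   unapplied     file says 1 but the running value differs (Step 2 not done)
#   runtime-only  running value is 1 but the file does not set it
#   exposed       neither the file nor the running kernel says 1
# PROCFILE defaults to the real /proc entry; it is a parameter only so the
# check can be exercised against a constructed file.
audit() {
    conf=$(conf_value "$1")
    run=$(cat "${2:-$PROC}" 2>/dev/null || true)
    if [ "$conf" = "1" ] && [ "$run" = "1" ]; then echo ok
    elif [ "$conf" = "1" ]; then echo unapplied
    elif [ "$run" = "1" ]; then echo runtime-only
    else echo exposed
    fi
}

# Run as: sh check.sh /etc/sysctl.conf
if [ $# -gt 0 ]; then audit "$@"; fi
```

As the reply above notes, an `ok` result only means the hosts stop answering broadcast pings; it does not reduce inbound flood traffic.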

