Are there examples for this configuration?
Thanks,
Denis
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, July 29, 2005 4:12 AM
To: Sean Knox
Cc: jeff; [email protected]; jking1
Subject: Re: DDOS Attack!!!who can help me?
Define a filter to drop the packets with SYN+FIN flags set.
Mihai
> jeff wrote:
>> Sean Knox wrote:
>>
>>> <tcpdump logs and pf.conf snipped>
>>>
>>> The only people who can help is your ISP. Talk to them and hopefully
>>> they can trace the attack upstream.
>>
>>
>> I once added this to pf.conf to mitigate a DDoS. It appeared to have
>> worked, but it may have been a placebo effect ;)
>>
>> set optimization aggressive
>> set timeout tcp.first 45
>> set timeout tcp.established 43200
>> set timeout { adaptive.start 30000, adaptive.end 45000 }
>> set limit states 40000
>>
>
>
> This might help with a SYN attack as long as you still have available
> bandwidth. Additionally, this wouldn't help against any non-TCP packet.
> If an attacker is exhausting your pipe, all the firewalling in the
> world won't help. You'll have to have upstream ISPs route the packets
> into /dev/null.
>
> sk
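
The SYN+FIN check suggested above, written out in Python as an added example (not part of the original thread, and not pf code). It models the match that pf expresses as `flags SF/SF`: look only at the SYN and FIN bits and drop when both are set. All function names and the sample packets are constructed for illustration.

```python
import struct

# TCP flag bits as they appear in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(packet):
    """Return the TCP flag byte of a raw IPv4 packet, or None if it has none."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short, or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IP header length in bytes
    if ihl < 20 or packet[9] != 6:       # protocol 6 = TCP
        return None
    frag_off = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_off != 0 or len(packet) < ihl + 14:
        return None                      # only the first fragment carries flags
    return packet[ihl + 13]

def flags_match(flags, want, mask):
    """pf-style 'flags want/mask': of the mask bits, exactly the want bits are set."""
    return (flags & mask) == want

def should_drop(packet):
    """True for TCP packets with SYN and FIN both set, whatever else is set."""
    flags = tcp_flags(packet)
    if flags is None:
        return False                     # not TCP: left to other rules
    return flags_match(flags, SYN | FIN, SYN | FIN)

def build_packet(flags, proto=6):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for name, f in [("SYN", SYN), ("SYN+ACK", SYN | ACK), ("FIN+ACK", FIN | ACK),
                    ("SYN+FIN", SYN | FIN), ("SYN+FIN+PSH+URG", SYN | FIN | PSH | URG)]:
        print(f"{name:16s} drop={should_drop(build_packet(f))}")
```

No legitimate TCP segment both opens and closes a connection, so this rule never matches normal traffic; as noted in the thread, it does nothing for non-TCP floods or a saturated link.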