Re: DoS prevention .Sysctl parameters to prevent this?

2005-07-19 Thread Lowell Gilbert
vladone [EMAIL PROTECTED] writes:

> Recently I had a FreeBSD gateway that went down due to a DoS attack.
> I don't know exactly what it is (I don't have experience), but it would be
> useful if someone with more experience could give some parameters for
> sysctl to prevent DoS and flood problems.
> Or perhaps with ipfw rules.
> Any help will be appreciated!

The question is too general.  Every resource that is consumed by
incoming traffic is potentially subject to a denial-of-service
attack.  Furthermore, most denial-of-service attacks are actually
using up your incoming bandwidth, so there isn't much you can do on
your machine after those packets have already traversed your incoming
link.  

See the manual for security(7), and see if that gives you a good start.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: DoS prevention .Sysctl parameters to prevent this?

2005-07-19 Thread Hornet
On 19 Jul 2005 10:28:21 -0400, Lowell Gilbert
[EMAIL PROTECTED] wrote:
> vladone [EMAIL PROTECTED] writes:
>
> > Recently I had a FreeBSD gateway that went down due to a DoS attack.
> > I don't know exactly what it is (I don't have experience), but it would be
> > useful if someone with more experience could give some parameters for
> > sysctl to prevent DoS and flood problems.
> > Or perhaps with ipfw rules.
> > Any help will be appreciated!
>
> The question is too general.  Every resource that is consumed by
> incoming traffic is potentially subject to a denial-of-service
> attack.
>
> Furthermore, most denial-of-service attacks are actually
> using up your incoming bandwidth, so there isn't much you can do on
> your machine after those packets have already traversed your incoming
> link.

You hit the nail on the head.

Really the best thing you can do is have a tight firewall, netflow
samples of your in/out data, and some cool scriptage to figure out if
something is happening (and I'm talking about more than just some
pretty graphs). Then call your ISP to block the hosts. Now if this is
a DDoS and it is from a well built network, pretty much you will have
to have the ISP null your host or network until it subsides.
 
> See the manual for security(7), and see if that gives you a good start.
>
> --
> Lowell Gilbert, embedded/networking software engineer, Boston area
> http://be-well.ilk.org/~lowell/

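The flow-sample scripting suggested in the reply above, as an added example that is not part of the original thread: it separates a few loud hosts (a list to give the ISP for blocking) from a distributed flood (where the destination has to be null-routed). The record layout, thresholds and addresses are constructed assumptions, not the output format of any particular flow exporter.

```python
from collections import defaultdict

WINDOW_S = 60             # aggregation window in seconds
HOST_PPS_LIMIT = 2_000    # assumed: one source above this is worth blocking
TARGET_PPS_LIMIT = 5_000  # assumed: residual rate a destination cannot absorb

# Constructed flow samples: (unix_ts, src, dst, packets). RFC 5737 addresses.
SAMPLE_FLOWS = [
    (5, "198.51.100.7", "192.0.2.10", 900),
    (12, "198.51.100.8", "192.0.2.10", 1_200),
    (65, "203.0.113.5", "192.0.2.10", 480_000),   # one loud host
    (70, "198.51.100.7", "192.0.2.10", 1_000),
] + [(120 + i % 60, f"203.0.113.{i}", "192.0.2.20", 6_000) for i in range(1, 101)]


def analyse(flows, window_s=WINDOW_S):
    """Return findings as (window_start, dst, action, detail) tuples."""
    per_src = defaultdict(lambda: defaultdict(int))  # (window, dst) -> src -> packets
    for ts, src, dst, packets in flows:
        per_src[(ts - ts % window_s, dst)][src] += packets

    findings = []
    for (start, dst), sources in sorted(per_src.items()):
        loud = sorted(s for s, p in sources.items() if p / window_s >= HOST_PPS_LIMIT)
        residual = sum(p for s, p in sources.items() if s not in loud)
        if loud:
            # A few identifiable hosts: the list to hand to the ISP for blocking.
            findings.append((start, dst, "block-hosts", loud))
        if residual / window_s >= TARGET_PPS_LIMIT:
            # Many individually quiet sources: per-host blocks will not help.
            findings.append((start, dst, "null-route", len(sources) - len(loud)))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_FLOWS):
        print(finding)
```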


DoS prevention .Sysctl parameters to prevent this?

2005-07-18 Thread vladone
Recently I had a FreeBSD gateway that went down due to a DoS attack.
I don't know exactly what it is (I don't have experience), but it would be
useful if someone with more experience could give some parameters for
sysctl to prevent DoS and flood problems.
Or perhaps with ipfw rules.
Any help will be appreciated!
 Thanks!
