Re: Funny slogans to put on tshirts

2008-10-31 Thread Redd Vinylene
On Fri, Oct 31, 2008 at 10:51 AM, Mel
[EMAIL PROTECTED] wrote:
 On Friday 31 October 2008 10:29:35 you wrote:

 It's my friend's birthday tomorrow. I was thinking I'd make him a
 tshirt with some funny slogan on it or something. Preferably something
 UNIX related. But I'm all outta ideas. Perhaps y'all can help?
 Alright, much obliged, thanks.

 http://shop.cafepress.com/design/6684711

 --
 Mel

Hahaha

-- 
http://www.home.no/reddvinylene



Funny slogans to put on tshirts

2008-10-31 Thread Redd Vinylene
Hello guys,

It's my friend's birthday tomorrow. I was thinking I'd make him a
tshirt with some funny slogan on it or something. Preferably something
UNIX related. But I'm all outta ideas. Perhaps y'all can help?
Alright, much obliged, thanks.

-- 
http://www.home.no/reddvinylene



Re: pf to block against DDoS?

2008-09-22 Thread Redd Vinylene
On Mon, Sep 22, 2008 at 10:36 AM, Lars Noodin
[EMAIL PROTECTED] wrote:

 Redd Vinylene wrote:
  ...
  You can also use two tables so that the first overload gets shunted to a
  slow queue and given a second chance before ending up in the second
  table which gets blocked.
  ...
  Lars Noodin: Would you happen to have an example of that?

 Not really, here is an illustration of how it might be approached:


 http://www-personal.umich.edu/~lars/PF/pf.ssh-2tables.conf

 I expect that the last-rule-matched takes care of the decision.  The
 However, there might be some divergence between what I think it does and
 what it really does.

 Another question is, in which cases is that useful?

 Regards
 -Lars


This has been a very interesting example, Lars. Thanks a lot for sharing!

As for your last question though, I think I know what you mean. It is to
say, should a rapist really be given a second chance?

--
http://www.home.no/reddvinylene
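
The two-table idea discussed in this thread, as an added example (not Lars's linked file and not a configuration from any poster): a source that trips the first limit lands in a slow table and keeps ssh access through a throttled queue, and tripping the stricter second limit moves it to a blocked table. It uses the same older pf syntax as the configurations in the thread and assumes ALTQ is available; the table and queue names, the 10Mb link speed and the second-stage limits are illustrative assumptions.

```pf
# Added example; table/queue names, bandwidth and stage-2 limits are assumptions.
ext_if = "rl0"

table <ssh_slow>  persist    # first overload: throttled, given a second chance
table <ssh_block> persist    # second overload: blocked

# ALTQ queues on the external interface. q_slow has no "borrow",
# so traffic assigned to it stays capped at its share of the link.
altq on $ext_if cbq bandwidth 10Mb queue { q_std, q_slow }
queue q_std  bandwidth 95% cbq(default borrow)
queue q_slow bandwidth 5%

block in
pass out keep state

# Sources that overloaded twice are refused outright.
block in quick on $ext_if from <ssh_block>

# Stage 1: sources not yet flagged, with the limits of the thread's ssh rule.
# "flush global" kills the offender's existing states, so its next
# connection is evaluated against the stage 2 rule.
pass in on $ext_if inet proto tcp from ! <ssh_slow> to any port 22 \
    keep state (max-src-conn 15, max-src-conn-rate 5/3, \
    overload <ssh_slow> flush global)

# Stage 2: flagged sources still get in, but through the slow queue and
# under stricter limits; a second overload moves them to <ssh_block>.
pass in on $ext_if inet proto tcp from <ssh_slow> to any port 22 \
    keep state (max-src-conn 5, max-src-conn-rate 2/30, \
    overload <ssh_block> flush global) queue q_slow
```

Parse the file with `pfctl -nf` before loading it, and list flagged sources with `pfctl -t ssh_slow -T show`.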



Re: pf to block against DDoS?

2008-09-21 Thread Redd Vinylene
From: Redd Vinylene [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: pf to block against DDoS?
Date: Thursday, September 4, 2008 - 3:23 pm
   
Hello hello!
   
I was quite shocked today when I heard I could use pf to block against DDoS
attacks, using Stateful Tracking Options,
http://www.openbsd.org/faq/pf/filter.html#stateopts.
   
But does anybody have any nice setups of this they'd want to share?
   
  
   From: Oliver Peter [EMAIL PROTECTED]
   To: Redd Vinylene [EMAIL PROTECTED]
   Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
   Subject: Re: pf to block against DDoS?
   Date: Thursday, September 4, 2008 - 4:20 pm
  
   ... nice cross-post.
  
   I can recommend reading through this as well:
 http://www.bgnett.no/~peter/pf/en/bruteforce.html
  
   --
   Oliver PETER, email: [EMAIL PROTECTED], ICQ# 113969174
   If it feels good, you're doing something wrong.
 -- Coach McTavish
  
 
  From: Peter N. M. Hansteen [EMAIL PROTECTED]
  To: Oliver Peter [EMAIL PROTECTED]
  Cc: Redd Vinylene [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
  Subject: Re: pf to block against DDoS?
  Date: Friday, September 5, 2008 - 1:54 am
 
  Thanks for recommending that!  However I would generally recommend the
  maintained version which is up at <http://home.nuug.no/~peter/pf/>,
  with the direct link to the part about state tracking and bruteforcers
  at <http://home.nuug.no/~peter/pf/en/bruteforce.html>.
 
  (and of course there's the book, nudge, nudge)
 
  - P
  --
  Peter N. M. Hansteen, member of the first RFC 1149 implementation team
  http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
  Remember to set the evil bit on all malicious network traffic
 
 From: Lars Noodin [EMAIL PROTECTED]
 To: Oliver Peter [EMAIL PROTECTED]
 Cc: Redd Vinylene [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re: pf to block against DDoS?
 Date: Thursday, September 4, 2008 - 4:50 pm

 You can also use two tables so that the first overload gets shunted to a
 slow queue and given a second chance before ending up in the second
 table which gets blocked.

 -Lars

Much obliged to all y'all gentlemen for your valuable design insight.

Now, is there anything more I can do to secure my webserver from attacks? Or
perhaps my pf.conf can be simplified / beautified?

Peter N. M. Hansteen: Did I follow your tutorial correctly?

Lars Noodin: Would you happen to have an example of that?

My pf.conf now looks like this:

-

ext_if = "rl0"
int_if = "ep0"

set block-policy return
set skip on { lo0 }

scrub in

# Sources that exceed the limits in the overload rules below end up here
table <bruteforce> persist

nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 3 -> 192.168.187.2 port 3

pass out keep state
pass quick on $int_if

block in
block quick from <bruteforce>

pass in on $ext_if inet proto tcp from any to any \
    port { 20, 21, 25, 53, 113, 3:35000 } \
    keep state (max-src-conn 100, max-src-conn-rate 15/5, \
    overload <bruteforce> flush global)

# ssh gets tighter limits than the other services
pass in on $ext_if inet proto tcp from any to any port 22 \
    keep state (max-src-conn 15, max-src-conn-rate 5/3, \
    overload <bruteforce> flush global)

pass in on $ext_if inet proto udp from any to any port 53 keep state
pass in on $ext_if inet proto icmp from any to any keep state

-

Have a great week! Cheers!

--
http://www.home.no/reddvinylene



Re: pf to block against DDoS?

2008-09-21 Thread Redd Vinylene

Sorry, _this_ is my webserver's pf.conf (the other one was my home
firewall's):

-

mad = "80.202.2.3"
doom = "{ 80.202.2.4 - 80.202.2.127 }"
ext_if = "rl0"

set block-policy return
set skip on { lo0 }

scrub in

# Sources that exceed the limits in the overload rules below end up here
table <bruteforce> persist

pass out keep state

block in
block quick from <bruteforce>

# ssh gets tighter limits than the other services
pass in on $ext_if inet proto tcp from any to any port 22 \
    keep state (max-src-conn 15, max-src-conn-rate 5/3, \
    overload <bruteforce> flush global)

pass in on $ext_if inet proto tcp from any to $mad \
    port { 25, 53, 80, 110 } \
    keep state (max-src-conn 100, max-src-conn-rate 15/5, \
    overload <bruteforce> flush global)

pass in on $ext_if inet proto udp from any to $mad port 53 keep state

pass in on $ext_if inet proto tcp from any to $doom \
    port { 20, 21, 113, 6000: } \
    keep state (max-src-conn 100, max-src-conn-rate 15/5, \
    overload <bruteforce> flush global)

pass in on $ext_if inet proto icmp from any to any keep state

-

I hope the design adheres to: http://en.wikipedia.org/wiki/KISS_principle

--
http://www.home.no/reddvinylene



pf to block against DDoS?

2008-09-04 Thread Redd Vinylene
Hello hello!

I was quite shocked today when I heard I could use pf to block against DDoS
attacks, using Stateful Tracking Options,
http://www.openbsd.org/faq/pf/filter.html#stateopts.

But does anybody have any nice setups of this they'd want to share?

Much obliged, and thanks.

-- 
http://www.home.no/reddvinylene