Date: Mon, 2 Oct 2000 23:31:36 -0700
From: "Crist J . Clark"
To: Forrest Aldrich
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: 4.1.1 Kernel ipfw, brought to its knees
Reply-To: cjclark@alum.mit.edu

On Mon, Oct 02, 2000 at 03:47:40PM -0400, Forrest Aldrich wrote:
> I was working with our security person here at work, with my ipfw
> config. I ran into some problems, which I'm still trying to figure out.
>
> So, he offered to at least scan the machine. He did a basic nmap scan...
> brought the machine to its knees. I had ICMP bandwidth limitation
> enabled. All except the RST (which isn't recommended for web servers).
>
> The machine is rendered unusable. I've never seen this happen to a
> FreeBSD box. Our 2.2.8 systems withstand this better than this.
>
> ?

I agree: ?

What type of nmap scan? Was the scan local? What type of connection to the ROW do you have? What was running on the machine when the scan was run? What does "unusable" mean? Were any errors generated? Do you have a specific question?
--
Crist J. Clark cjclark@alum.mit.edu