Date: Mon, 2 Oct 2000 23:31:36 -0700 From: "Crist J . Clark" <cjclark@reflexnet.net> To: Forrest Aldrich <forrie@forrie.com> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: 4.1.1 Kernel ipfw, brought to its knees Message-ID: <20001002233136.O25121@149.211.6.64.reflexcom.com> In-Reply-To: <5.0.0.25.2.20001002154554.01bfe310@64.20.73.233>; from forrie@forrie.com on Mon, Oct 02, 2000 at 03:47:40PM -0400 References: <5.0.0.25.2.20001002154554.01bfe310@64.20.73.233>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 02, 2000 at 03:47:40PM -0400, Forrest Aldrich wrote: > I was working with our security person here at work, with my ipfw > config. I ran into some problems, which I'm still trying to figure out. > > So, he offered to at least scan the machine. He did a basic nmap scan... > brought the machine to its knees. I had ICMP bandwidth limitation > enabled. All except the RST (which isn't recommended for web servers). > > The machine is rendered unusable. I've never seen this happen to a > FreeBSD box. Our 2.2.8 systems withstand this better than this. > > ? I agree: ? What type of nmap scan? Was the scan local? What type of connection to the ROW do you have? What was running on the machine when the scan was run? What does "unusable" mean? Were any errors generated? Do you have a specific question? -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001002233136.O25121>