Date:      Mon, 15 Mar 2010 22:11:46 +0100
From:      Ivan Voras <ivoras@freebsd.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: Info on DOS mitigation, kernel configuration for DOS mitigation
Message-ID:  <hnm7qi$c3$1@dough.gmane.org>
In-Reply-To: <c81e6afd1003151250kd0c0375ya5e69b9731a96b84@mail.gmail.com>
References:  <c81e6afd1003151250kd0c0375ya5e69b9731a96b84@mail.gmail.com>

Bogdan Webb wrote:
> Hello everyone!
> 
> First of all I would like to apologize to anyone who finds my appeal a lazy
> man's choice, actually it's indeed lazy but it's the best way to get an
> answer from a valid source. My problem is a potential DOS/DDOS... I know a
> forever talked about issue... I've already searched the FreeBSD's mailing
> lists and found some mitigation techniques, too bad that Google ain't that
> familiar with FreeBSD, and searchin' for guides is a pain... I recall
> finding a mitigation technique that involved bandwidth shaping and other ...
> I'm using a FreeBSD 7.2-p7 with ipfw and upon testing the rules in those
> guides it alerted me that bandwidth modules weren't included in the BSD's
> kernel... Anyway could anyone provide me with a good BSD walkthrough for DOS

kldload dummynet, see loader.conf(5)

> mitigation and if needed kernel modules and kernel module integration, maybe
> other firewall (but with extended howto..) ... (basically anything regarded
> to floods)

As you probably guess, a) this is a complex problem because one man's 
DOS is another's regular traffic - it's complex even to detect something 
like that, and b) most of the general solutions are not 
platform-specific but can apply to any operating system, so you can 
learn it from many sources.

First, you need to define what your outgoing network connection is (e.g. 
"10 mbit/s") and then see what kinds of tradeoffs you are prepared to 
make to protect yourself.

The general advice is:
	- read ipfw(5), especially sections on dummynet and the "limit" rule
	- study software like http://codee.pl/cband.html
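
An added example, not part of the original message: a small generator for an ipfw fragment that combines a dummynet pipe with the "limit" rule mentioned above. The rule numbers, pipe number, interface name and the values in the usage line are assumptions; the fragment is meant to be merged into an existing ruleset.

```shell
#!/bin/sh
# Added example (not from the thread): emit an ipfw fragment that shapes
# outbound traffic with a dummynet pipe and caps concurrent TCP connections
# per source address with "limit". Merge it into an existing ruleset.
# Rule numbers, pipe number and the values in the usage line are assumptions.

is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# gen_rules IFACE MBIT PORT MAX_CONN_PER_SOURCE
# Prints commands only; review them, then pipe the output to sh as root.
gen_rules() {
    ifc=${1-} mbit=${2-} port=${3-} per_src=${4-}
    case "$ifc" in ''|*[!a-z0-9]*) echo "bad interface" >&2; return 1 ;; esac
    for n in "$mbit" "$port" "$per_src"; do
        is_num "$n" || { echo "numeric argument expected: '$n'" >&2; return 1; }
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    cat <<EOF
# dummynet must be loaded (kldload dummynet, or dummynet_load="YES" in loader.conf)
kldload dummynet
# let packets continue through the ruleset after leaving the pipe
sysctl net.inet.ip.fw.one_pass=0
# cap traffic leaving $ifc at the chosen rate
ipfw pipe 1 config bw ${mbit}Mbit/s
ipfw add 1000 pipe 1 ip from any to any out xmit $ifc
# stateful part: at most $per_src concurrent connections per source to port $port
ipfw add 1100 check-state
ipfw add 1200 allow tcp from any to me $port in setup limit src-addr $per_src
ipfw add 1300 deny tcp from any to me $port in
EOF
}

# Usage: sh thisfile em0 8 80 10   (prints the commands for review)
[ $# -eq 0 ] || gen_rules "$@"
```

The pipe bandwidth is the tradeoff the message describes: set it relative to the known uplink rate, and pick the per-source connection cap from what regular clients of the service actually need.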
