Date:      Fri, 10 Jan 2003 13:36:39 -0800 (PST)
From:      Josh Brooks <user@mail.econolodgetulsa.com>
To:        Jess Kitchen <jk@burstfire.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: What is my next step as a script kiddie ? (DDoS)
Message-ID:  <20030110133515.Q78856-100000@mail.econolodgetulsa.com>
In-Reply-To: <20030110175022.B42178-100000@platinum.burstfire.net>


Ok, understood - but the point is, at some point the attackers are going
to realize that their syn floods are no longer hurting me  ...  and
regardless of what they conclude from this, what is the standard "next
step" ?  If they are just flooders/packeteers, what do they graduate to
when syn floods no longer do the job ?

thanks!

On Fri, 10 Jan 2003, Jess Kitchen wrote:

> On Fri, 10 Jan 2003, Josh Brooks wrote:
>
> > My goal is to protect my FreeBSD firewall.  As I mentioned, now that I
> > have closed off everything to the victim except the ports he is actually
> > running services on, everything is great!  The firewall is just fine -
> > even during a big syn flood, because it just drops all the packets that
> > aren't going to legitimate ports.
> >
> > So my question is, what will they do next ?  When they nmap the victim and
> > they see all the ports are closed, what will they move to then ?
>
> Josh,
>
> If your firewall is correctly dropping packets they won't see closed ports
> at all, unless you are sending tcp resets for everything (which would be
> silly heh)
>
> Have you had a look at man blackhole yet?  That usually proves to be quite
> a pain when running generic-ish stuff along the lines of -sS -F or
> whatever.
>
> Cheers,
> J.
>
> --
> Jess Kitchen <jk@burstfire.net>
> http://www.burstfire.net/
>

