Date: Sun, 02 Apr 2000 15:16:52 -0500
From: Mike Tancsa <mike@sentex.net>
To: "System Admin" <kerberus@strictlyhosting.com>
Cc: security@FreeBSD.ORG
Subject: Re: MAJOR DDOS
Message-ID: <4.2.2.20000402151228.035846d8@mail.sentex.net>
In-Reply-To: <200004021417660.SM00209@strictlyhosting.com>

At 02:17 PM 4/2/2000 -0400, System Admin wrote:
>I believe I am experiencing a major DDOS on port 80 .... 40+ Megs
>inbound...... from all over, what is the fastest way to start protecting
>this machine ???? and alleviate some of this traffic under 3.4 ????

I would say get in touch with your upstreams to see where all the traffic is coming from. Hopefully their NOCs will have people around today to track down the sources of the attacks. If it's all "legitimate" traffic, I don't think options ICMP_BANDLIM will help.

If it's all just one web site they are attacking, perhaps change the IP address for that specific site to 10.10.10.10 to protect your other sites. Make the TTL 1 second so you can quickly change it back.

---Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message