Date: Sun, 02 Apr 2000 15:16:52 -0500
From: Mike Tancsa <mike@sentex.net>
To: "System Admin" <kerberus@strictlyhosting.com>
Cc: security@FreeBSD.ORG
Subject: Re: MAJOR DDOS
Message-ID: <4.2.2.20000402151228.035846d8@mail.sentex.net>
In-Reply-To: <200004021417660.SM00209@strictlyhosting.com>
At 02:17 PM 4/2/2000 -0400, System Admin wrote:
>I believe I am experiencing a major DDOS on port 80 .... 40+ Megs
>inbound...... from all over, what is the fastest way to start protecting
>this machine ???? and alleviate some of this traffic under 3.4 ????
I would say get in touch with your upstreams to see where all the traffic
is coming from. Hopefully their NOCs will have people
around today to track down the sources of the attacks.
If it's all "legitimate" traffic, I don't think
options ICMP_BANDLIM
will help.
If it's all just one web site they are attacking, perhaps change the IP
address for that specific site to 10.10.10.10 to protect your other
sites. Make the TTL 1 second so you can quickly change it back.
---Mike
