Date: Sun, 12 Jan 2003 00:40:25 +0200 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Josh Brooks <user@mail.econolodgetulsa.com> Cc: Jess Kitchen <jk@burstfire.net>, freebsd-net@FreeBSD.ORG Subject: Re: What is my next step as a script kiddie ? (DDoS) Message-ID: <20030111224025.GA915@gothmog.gr> In-Reply-To: <20030110133515.Q78856-100000@mail.econolodgetulsa.com> References: <20030110175022.B42178-100000@platinum.burstfire.net> <20030110133515.Q78856-100000@mail.econolodgetulsa.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2003-01-10 13:36, user@mail.econolodgetulsa.com (Josh Brooks) wrote: > Ok, understood - but the point is, at some point the attackers are > going to realize that their syn floods are no longer hurting me ... > and regardless of what they conclude from this, what is the standard > "next step" ? If they are just flooders/packeteers, what do they > graduate to when syn floods no longer do the job ? They'll probably try icmp floods, or floods that will forcee your server to generate a lot of RST responses. You can safely handle a lot of icmp traffic by ignoring those icmp packets that are not useful to you or mandatory according to one of the router requirements RFCs. The rate limiting features of RESTRICT_RST will handle the rest nicely, imho. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030111224025.GA915>