Date:      Thu, 9 Dec 1999 08:31:40 +1030
From:      Mark Newton <newton@atdot.dotat.org>
To:        "Scott I. Remick" <scott@computeralt.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: What kind of attack is this?
Message-ID:  <19991209083140.A7509@atdot.dotat.org>
In-Reply-To: <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com>; from scott@computeralt.com on Wed, Dec 08, 1999 at 04:51:11PM -0500
References:  <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com>


On Wed, Dec 08, 1999 at 04:51:11PM -0500, Scott I. Remick wrote:

 > I know that's what firewalls are for, and that's why I'm working on
 > one.  Holdup is time-constraints and red-tape and corporate politics and
 > screwed up priorities and so on, so let's just leave it that the firewall
 > is coming but is not here yet (if you remember back, this is the company
 > that wants to use MS Proxy).

heheh.  That's probably why you're being attacked :-)

 > So how does one protect themselves against such an attack?  I have an
 > Ascend Pipeline 50 router which I'm trying to sort out from the manuals a
 > way to use its filters and how it behaves if rules overlap (what I'm
 > thinking is trying to find a way to block all incoming UDP packets EXCEPT
 > the type which are known to be good).

Get a FreeBSD box with two ethernet interfaces.  Enable ipfw.  Start
with rules that look like this:

  ipfw add pass udp from any GOODPORT to any in via OUTSIDE-INTERFACE
  ipfw add deny udp from any to any in via OUTSIDE-INTERFACE
  ipfw add pass all from any to any

Of course, the ruleset you end up with will be more comprehensive
than that, but it should give you an idea.  Look at /etc/rc.firewall
for more info.

Alternatively buy a Cisco -- Ascends are toy routers, IMHO, with
somewhat limited packet filtering abilities.

    - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----
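
An added example, not part of the original message: a small Python model of first-match evaluation for the three-rule skeleton above, useful for checking how overlapping rules resolve before loading them. The interface name `ed0`, the ports 53 and 123 standing in for GOODPORT, and the sample packets are constructed; the parser covers only the syntax those three rules use.

```python
# Added example: first-match model of the message's three ipfw rules.
# Models only the syntax subset those rules use; it is not ipfw itself.
# Constructed values: interface "ed0" as OUTSIDE-INTERFACE, 53/123 as GOODPORT.
from collections import namedtuple

Packet = namedtuple("Packet", "proto sport direction iface")
Rule = namedtuple("Rule", "action proto sports direction iface")

def parse_rule(text):
    """Parse 'ACTION PROTO from any [PORTS] to any [in|out] [via IFACE]'."""
    tok = text.split()
    if len(tok) < 6 or tok[2:4] != ["from", "any"] or "to" not in tok[4:6]:
        raise ValueError("unsupported rule: " + text)
    to = tok.index("to", 4)
    if tok[to + 1:to + 2] != ["any"]:
        raise ValueError("unsupported rule: " + text)
    # A token between 'from any' and 'to' is a comma-separated source-port list.
    sports = frozenset(int(p) for p in tok[4].split(",")) if to == 5 else None
    opts = tok[to + 2:]
    direction = next((o for o in opts if o in ("in", "out")), None)
    iface = opts[opts.index("via") + 1] if "via" in opts[:-1] else None
    return Rule(tok[0], tok[1], sports, direction, iface)

def matches(rule, pkt):
    return (rule.proto in ("all", "ip", pkt.proto)
            and (rule.sports is None or pkt.sport in rule.sports)
            and (rule.direction is None or rule.direction == pkt.direction)
            and (rule.iface is None or rule.iface == pkt.iface))

def verdict(rules, pkt):
    """Return (action, index) of the first matching rule; evaluation stops there."""
    for n, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, n
    return "deny", None  # nothing matched: modelled here as deny

RULES = [parse_rule(r) for r in (
    "pass udp from any 53,123 to any in via ed0",
    "deny udp from any to any in via ed0",
    "pass all from any to any",
)]

if __name__ == "__main__":
    for pkt in (Packet("udp", 53, "in", "ed0"),      # reply from a GOODPORT
                Packet("udp", 31337, "in", "ed0"),   # other inbound UDP
                Packet("udp", 31337, "out", "ed0"),  # outbound UDP
                Packet("tcp", 80, "in", "ed0")):     # inbound TCP is not filtered
        print(pkt, verdict(RULES, pkt))
```

Swapping the first two rules makes the deny match first, so the exception only works because the pass rule comes before the deny it overlaps with.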


