Date: Sat, 8 Mar 2008 23:11:07 +0000 From: "Siraj Shaikh" <siraj.shaikh@gmail.com> To: "Robin Becker" <robin@reportlab.com> Cc: freebsd-questions@freebsd.org Subject: Re: how to respond to possible attacks Message-ID: <3b2ddd940803081511o71170756mbe1f1e8a17c1d6bc@mail.gmail.com> In-Reply-To: <47D31490.1040804@jessikat.plus.net> References: <47D31490.1040804@jessikat.plus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 08/03/2008, Robin Becker <robin@reportlab.com> wrote: > Sorry if this is too off topic, but I would like to find out what to do > when you suspect a possible dos attack on your system. I know there are > many experienced sysadmins here. > Although my system (freebsd 6.0/apache 2.0.x) did in fact hold up, what > steps should I be taking? The originating ip doesn't seem to be reverse > mappable. > -- Robin Are you only interested in finding out about the source of these attacks, have you got some firewall configured? Is there any particular service being targeted, what kind of packets are coming through? Also, making sure if the same ip is targetting any other hosts on your network, or any previous attempts at probing this machine or other hosts.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3b2ddd940803081511o71170756mbe1f1e8a17c1d6bc>