From owner-freebsd-security  Tue Jan 18  9:47: 1 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP id 684C414CF1
	for <freebsd-security@freebsd.org>; Tue, 18 Jan 2000 09:46:59 -0800 (PST)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1307 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m12Acco-000CC8C@bsdie.rwsystems.net>
	for <freebsd-security@freebsd.org>; Tue, 18 Jan 2000 11:41:02 -0600 (CST)
	(Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Tue, 18 Jan 2000 11:41:02 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: Jonathan Fortin <jonf@revelex.com>
Cc: freebsd-security@freebsd.org
Subject: Re: TCP/IP
In-Reply-To: <002801bf61de$b2663560$0900000a@server>
Message-ID: <Pine.BSF.4.10.10001181136580.42481-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 18 Jan 2000, Jonathan Fortin wrote:
> I noticed that most of the firewalls out there don't cover protection e.g, on a denial of service attack, it should ignore the whole protocol
> but only allow packets with 3k in lenght. etc.

The only real DoS 'thing' I've noticed is the ICMP_BANDLIM to limit icmp
error responses, which works fairly well. Most of the DoS stuff, IMHO,
should be done at the router, and the one on the input-end of the link if
you can. This protects the link as well as the host. Amplifiers can really
overwhelm a link... Of course, if you are using FreeBSD as your router,
this becomes very implrtant on the host again, right Dennis?

I would *love* to hear what others have done besides the usual ipfw rules.
Thanks - Jy@



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message