From owner-freebsd-security  Tue Jan 18  9:57:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail5.uunet.ca (mail5.uunet.ca [142.77.1.28])
	by hub.freebsd.org (Postfix) with ESMTP id 1568F14EFC
	for <freebsd-security@freebsd.org>; Tue, 18 Jan 2000 09:56:27 -0800 (PST)
	(envelope-from matt@ARPA.MAIL.NET)
Received: from w01.arpa-canada.net ([216.95.146.6]) by mail5.uunet.ca with ESMTP id <231315-15291>; Tue, 18 Jan 2000 12:54:18 -0500
Date: Tue, 18 Jan 2000 12:53:12 -0500
From: matt <matt@ARPA.MAIL.NET>
X-Sender: matt@w01.arpa-canada.net
To: James Wyatt <jwyatt@rwsystems.net>
Cc: Jonathan Fortin <jonf@revelex.com>, freebsd-security@freebsd.org
Subject: Re: TCP/IP
In-Reply-To: <Pine.BSF.4.10.10001181136580.42481-100000@bsdie.rwsystems.net>
Message-ID: <Pine.BSF.4.21.0001181252220.98451-100000@w01.arpa-canada.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


I would love to talk my uplink (uunet.ca) into filtering certain things
before they pass it on to my router, wish they would =/ Besides that, I
filter syn,fin, icmp, all udp except ntp/dns, besides that, I don't think
there is much that I can do.

-Matt

On Tue, 18 Jan 2000, James Wyatt wrote:

: Date: Tue, 18 Jan 2000 12:41:02 -0500
: From: James Wyatt <jwyatt@rwsystems.net>
: To: Jonathan Fortin <jonf@revelex.com>
: Cc: freebsd-security@freebsd.org
: Subject: Re: TCP/IP
: 
: On Tue, 18 Jan 2000, Jonathan Fortin wrote:
: > I noticed that most of the firewalls out there don't cover protection e.g, on a denial of service attack, it should ignore the whole protocol
: > but only allow packets with 3k in lenght. etc.
: 
: The only real DoS 'thing' I've noticed is the ICMP_BANDLIM to limit icmp
: error responses, which works fairly well. Most of the DoS stuff, IMHO,
: should be done at the router, and the one on the input-end of the link if
: you can. This protects the link as well as the host. Amplifiers can really
: overwhelm a link... Of course, if you are using FreeBSD as your router,
: this becomes very implrtant on the host again, right Dennis?
: 
: I would *love* to hear what others have done besides the usual ipfw rules.
: Thanks - Jy@
: 
: 
: 
: To Unsubscribe: send mail to majordomo@FreeBSD.org
: with "unsubscribe freebsd-security" in the body of the message
: 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message