From owner-freebsd-stable  Mon Aug 21 16:47:12 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from dns.comrax.com (dns.comrax.com [194.90.246.124])
	by hub.freebsd.org (Postfix) with ESMTP id C043037B618
	for <freebsd-stable@FreeBSD.ORG>; Mon, 21 Aug 2000 16:47:10 -0700 (PDT)
Received: by dns.comrax.com (Postfix, from userid 100)
	id 9DF451C99E; Tue, 22 Aug 2000 02:47:05 +0300 (IDT)
Received: from localhost (localhost [127.0.0.1])
	by dns.comrax.com (Postfix) with ESMTP id 8516316E22
	for <freebsd-stable@FreeBSD.ORG>; Tue, 22 Aug 2000 02:47:05 +0300 (IDT)
Date: Tue, 22 Aug 2000 02:47:05 +0300 (IDT)
From: <noor@comrax.com>
To: freebsd-stable@FreeBSD.ORG
Subject: DoS attacks and FreeBSD.
Message-ID: <Pine.BSF.4.10.10008220241010.11868-100000@dns.comrax.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello all,

One of our sites was a target for a DoS attempt tonight. The attempt
failed.

I have ipfw running on the server, and managed to block the IP's in
question in time. My question is: suppose I was not near the PC at the
time of the incident, how can I configure ipfw to automatically block
cnnections originating from any IP and that is continuous in a suspecious
manner? (let's say 50 concurrent connections to port 80 every second.)

Is this possible in FreeBSD or/and in ipfw? Would like to know how...

Thanks in advance.

Noor



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message