Date: Thu, 9 Jan 2003 10:21:52 -0800 (PST)
From: Josh Brooks <user@mail.econolodgetulsa.com>
To: freebsd-net@freebsd.org
Subject: What is my next step as a script kiddie ? (DDoS)
Message-ID: <20030109101652.E78856-100000@mail.econolodgetulsa.com>
Hello,

With the help of people in this group I have largely solved my problems - by simply placing in rules to drop all packets except the ones going to ports/services that are actually in use on the destination, I have found that even during a large attack (the kinds that used to cripple me) I have no problems at all - a lot of packets simply get dropped and that's that.

But, I am concerned ... I am concerned that the attacks will simply change/escalate to something else.

If I were a script kiddie, and I suddenly saw that all of my garbage packets to nonexistent ports were suddenly being dropped, and say I nmap'd the thing and saw that those ports were closed - what would my next step be ?

Prior to this the attacks were very simply a big SYN flood to random ports on the victim, and because of the RSTs etc., all this traffic to nonexistent ports flooded the firewall off.

So what do they do next ? What is the next step ? The next level of sophistication to get around the measures I have put into place (that have been very successful - I have an attack ongoing as I write this, and it isn't hurting me at all)

-------

I am hoping that the answer is "same attack, but bigger - more bandwidth, in an attempt to saturate your pipe" because the victims are low profile enough that it is unlikely enough people could pool enough resources to make this happen.

But then again, maybe there is something sophisticated that a small attacker could do - and that is what I am trying to figure out and prevent before it happens.

thanks!
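The measure described in the message (pass only the ports actually in use, drop everything else without answering) can be sketched as follows. This is an added example, not part of the original message: it assumes ipfw as the firewall, which the message does not name, and the interface name, network, hosts and ports are constructed. It also assumes the protected hosts only accept inbound connections; replies to connections they originate would need their own rules.

```shell
#!/bin/sh
# Added example (not from the original message): print, without applying,
# ipfw commands that pass only in-use services and silently drop the rest.
PROTECTED_NET='192.0.2.0/24'   # assumption: network behind the firewall
OUTSIDE_IF='fxp0'              # assumption: outside interface name

# Reads "host proto port[,port...]" lines on stdin, writes ipfw commands.
gen_rules() {
    n=1000
    while read -r host proto ports; do
        case "$host" in ''|'#'*) continue ;; esac      # blank line or comment
        case "$proto" in tcp|udp) ;; *)
            echo "skipped (protocol): $host $proto $ports" >&2; continue ;;
        esac
        case "$ports" in ''|*[!0-9,]*)
            echo "skipped (ports): $host $proto $ports" >&2; continue ;;
        esac
        echo "ipfw add $n allow $proto from any to $host $ports in via $OUTSIDE_IF"
        n=$((n + 10))
    done
    # "deny" discards without answering: no RST or ICMP unreachable is sent,
    # so traffic to unused ports generates no reply traffic.
    echo "ipfw add 65000 deny ip from any to $PROTECTED_NET in via $OUTSIDE_IF"
}

# Constructed inventory using documentation addresses; the last line is
# deliberately invalid to show that it is skipped rather than emitted.
SAMPLE_SERVICES='# host proto ports
192.0.2.10 tcp 80,443
192.0.2.11 tcp 25
192.0.2.12 udp 53
192.0.2.13 icmp 0'

printf '%s\n' "$SAMPLE_SERVICES" | gen_rules
```

The script only prints the commands, so the ruleset can be reviewed against the real service inventory before anything is loaded.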