Date:      Fri, 10 Jan 2003 02:25:53 +0300 (MSK)
From:      "."@babolo.ru
To:        Josh Brooks <user@mail.econolodgetulsa.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: What is my next step as a script kiddie ? (DDoS)
Message-ID:  <1042154753.510477.852.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20030109101652.E78856-100000@mail.econolodgetulsa.com>

> With the help of people in this group I have largely solved my problems -
> by simply placing in rules to drop all packets except the ones going to
> ports/services that are actually in use on the destination, I have found
> that even during a large attack (the kinds that used to cripple me) I have
> no problems at all - a lot of packets simply get dropped and that's that.
> 
> But, I am concerned ... I am concerned that the attacks will simply
> change/escalate to something else.
> 
> If I were a script kiddie, and I suddenly saw that all of my garbage
> packets to nonexistent ports were suddenly being dropped, and say I nmap'd
> the thing and saw that those ports were closed - what would my next step
> be ?  Prior to this the attacks were very simply a big SYN flood to random
> ports on the victim, and because of the RSTs etc., all this traffic to
> nonexistent ports flooded the firewall off.
> 
> So what do they do next ?  What is the next step ?  The next level of
> sophistication to get around the measures I have put into place (that have
> been very successful - I have an attack ongoing as I write this, and it
> isn't hurting me at all)
> 
> -------
> 
> I am hoping that the answer is "same attack, but bigger - more bandwidth,
> in an attempt to saturate your pipe" because the victims are low profile
> enough that it is unlikely enough people could pool enough resources to
> make this happen.  But then again, maybe there is something sophisticated
> that a small attacker could do - and that is what I am trying to figure
> out and prevent before it happens.
What is your goal?
To protect your router or to protect your client?
This is a big difference.
And maybe the police are the best way for both
in the long term.

