Date:      Sat, 11 Jan 2003 07:15:19 +0300 (MSK)
From:      "."@babolo.ru
To:        Josh Brooks <user@mail.econolodgetulsa.com>
Cc:        Jess Kitchen <jk@burstfire.net>, freebsd-net@freebsd.org
Subject:   Re: What is my next step as a script kiddie ? (DDoS)
Message-ID:  <1042258519.765651.9608.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20030110133515.Q78856-100000@mail.econolodgetulsa.com>

IMHO it is almost impossible to touch
a properly configured router without
open services on it.

I have great experience of wars with more than
3000 users of my nets over ethernet.

Every loss of mine was due to a hardware error
of a switch or ethernet port
or a configuration error.

Optimize ipfw for speed, do not
use it for counting - and only
mistakes lead to a crash.

It seems your router is powerful enough for
your circumstances.

Servers are another thing however... :-((

> Ok, understood - but the point is, at some point the attackers are going
> to realize that their syn floods are no longer hurting me  ...  and
> regardless of what they conclude from this, what is the standard "next
> step" ?  If they are just flooders/packeteers, what do they graduate to
> when syn floods no longer do the job ?
> 
> thanks!
> 
> On Fri, 10 Jan 2003, Jess Kitchen wrote:
> 
> > On Fri, 10 Jan 2003, Josh Brooks wrote:
> >
> > > My goal is to protect my FreeBSD firewall.  As I mentioned, now that I
> > > have closed off everything to the victim except the ports he is actually
> > > running services on, everything is great!  The firewall is just fine -
> > > even during a big syn flood, because it just drops all the packets that
> > > aren't going to legitimate ports.
> > >
> > > So my question is, what will they do next ?  When they nmap the victim and
> > > they see all the ports are closed, what will they move to then ?
> >
> > Josh,
> >
> > If your firewall is correctly dropping packets they won't see closed ports
> > at all, unless you are sending tcp resets for everything (which would be
> > silly heh)
> >
> > Have you had a look at man blackhole yet?  That usually proves to be quite
> > a pain when running generic-ish stuff along the lines of -sS -F or
> > whatever.
> >
> > Cheers,
> > J.
> >
> > --
> > Jess Kitchen <jk@burstfire.net>
> > http://www.burstfire.net/
> >
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
> 
