From owner-freebsd-questions Sun Jan 5 21:21:32 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA3FE37B401 for ; Sun, 5 Jan 2003 21:21:29 -0800 (PST) Received: from smtpauth2-ext.prodigy.net (smtpauth2-ext.prodigy.net [207.115.63.116]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD5B443ED1 for ; Sun, 5 Jan 2003 21:21:28 -0800 (PST) (envelope-from jimit@prodigy.net) Received: from prodigy.net (crtntx1-ar1-4-60-248-166.crtntx1.dsl-verizon.net [4.60.248.166]) (authenticated) by smtpauth2-ext.prodigy.net (8.11.0/8.11.0) with ESMTP id h065LPp218672; Mon, 6 Jan 2003 00:21:26 -0500 Date: Sun, 5 Jan 2003 23:20:09 -0600 Subject: Re: DOS ATTACK. Any Suggestions? Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v551) Cc: "Michael" , freebsd-questions@freebsd.org To: Anti From: Jimi Thompson In-Reply-To: <20030105172859.099b3a34.fearow@attbi.com> Message-Id: <867A1824-2136-11D7-88BD-0003930DFD02@prodigy.net> Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.551) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I forgot to add that hacking is now a terrorist act and can be prosecuted as such..... On Sunday, January 5, 2003, at 05:28 PM, Anti wrote: > > more an issue with apache than freebsd i think... perhaps > mod_dosevasive > (http://www.networkdweebs.com/stuff/security.html) could be of use? > > `Anti` > > > > > > On Sun, 5 Jan 2003 17:53:23 -0500 (EST) > "Michael" wrote: > >> Sigh. I have had my website for well over a few years now. I am very >> upset >> with the internet and where it is going due to the fact that their is >> so >> many children on it whose parents dont know how to do their jobs and >> they >> allow their children to perform dos attacks and god only knows what >> else >> on daddys fast connection. The internet falls the perfect place for >> every >> child/grownup who was/is pushed around in school, the unpopular kids >> no >> one likes, the fat kid in class and the guys that cant even get laid >> to go >> online and be "the man" behind the monitor. It is the only place they >> can >> go and be "something in power" As lame as that is this must be how >> they >> look at it in their sick mind. I have been dossed many times. Heres >> the >> latest. I go to >> >> http://www.unixhideout.com/server-status which you can also look at >> if it >> actually loads for you.. and i see around 80-100 of these 24/7 >> >> 1-0 50860 1/4/4 K 0.40 10 1134 0.0 0.00 0.00 24.67.253.203 >> www.unixhideout.com GET / HTTP/1.1 >> >> all from different (at least 100 ips) over and over again bringing my >> server to its knees. As i said previously i have been dossed by the >> nobodys many times and it usually just goes away. This has been going >> on >> since january first. I am running IPFW with very strict rules, on >> FreeBSD >> 4.7 IPFW does me no good because i am allowing the port they are >> abusing >> (80) due to the last DOS attack and my few hours research i have the >> following options already in my rc.conf >> >> tcp_extensions="NO" >> tcp_keepalive="YES" >> tcp_restrict_rst="YES" >> icmp_bmcastecho="NO" >> icmp_drop_redirect="YES" >> firewall_enable="YES" >> firewall_script="/etc/rc.firewall" >> firewall_type="custom" >> firewall_quiet="NO" >> firewall_logging_enable="YES" >> log_in_vain="YES" >> >> Im sure you can notice some mistakes. I try to keep the research on >> this >> lame shit to a minumum as it does not interest me to learn how to hurt >> other people. Please help me get the best out of this immature child >> and >> continue my website which is a complete gift to FreeBSD and its >> community, >> not that you owe me a god damn thing but you understand what i mean.. >> I >> have dealt with this many times. As soon as my site gets big and i >> have a >> lot of users in irc, some little jealous network comes along and >> destroys >> what i worked on. The last time this happened my ISP shut ME off >> because >> it took out one of their facilities. >> -- >> Mike >> mike@unixhideout.com >> The unixhideout network, >> http://www.unixhideout.com >> need to get ahold of me? >> finger mike@unixhideout.com >> >> >> ----------------------------------------- >> Free, secure and stable email from UnixHideout >> "The UnixHideout network" >> http://www.unixhideout.com/ >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message