Date:      Mon, 6 Jan 2003 04:59:49 -0600
From:      "E.S." <bsdterm@HotPOP.com>
To:        Jimi Thompson <jimit@prodigy.net>, Anti <fearow@attbi.com>
Cc:        "Michael" <mike@unixhideout.com>, freebsd-questions@freebsd.org
Subject:   Re: DOS ATTACK. Any Suggestions?
Message-ID:  <200301060459.49500.bsdterm@HotPOP.com>
In-Reply-To: <867A1824-2136-11D7-88BD-0003930DFD02@prodigy.net>
References:  <867A1824-2136-11D7-88BD-0003930DFD02@prodigy.net>

Of course, "people who don't do enough to secure their systems deserve what 
they get"...

...at least, that's what so many in the security field seem to say.

It's a ridiculous statement, of course -- we don't say, "people who don't do 
enough to secure their homes deserve what they get," do we?  Not where I'm 
from, usually (and if we all really believed that, then why don't we have 
doors on our houses like the ones found on bank vaults?  Instead, we take 
smaller precautions (deadbolts, window blinds, perhaps owning a gun or other 
weapon) and meanwhile rely somewhat on the law to sort out home break-ins; 
although, I doubt that the American legal system could knowledgeably handle a 
computer security case), yet I can't count the number of times I've seen this 
mantra repeated...

Anyway, that's my $0.02, I'll get off my soapbox now.  :)

I wish I could help you more, but I can't offer any real advice other than to 
look for patterns among the incoming IPs (and block them, at least 
temporarily), possibly limit the connection rate for each TCP connection (if 
FreeBSD or Apache is able to do this - I don't know offhand), see if you can 
find out who the moron is that thinks he's cool for DoS'ing you, replace your 
homepage with a small text-only version to reduce the bandwidth used (again, 
temporarily, until the attack stops anyway -- don't feed the attacker's ego 
with a message on the replacement page saying "I'm going to find you and 
slice off your balls," etc. as that'll probably only encourage him/them), 
etc...

-ES



On Sunday 05 January 2003 11:20 pm, Jimi Thompson wrote:
> I forgot to add that hacking is now a terrorist act and can be
> prosecuted as such.....
>
> On Sunday, January 5, 2003, at 05:28  PM, Anti wrote:
> > more an issue with apache than freebsd i think... perhaps mod_dosevasive
> > (http://www.networkdweebs.com/stuff/security.html) could be of use?
> >
> > `Anti`
> >
> > On Sun, 5 Jan 2003 17:53:23 -0500 (EST)
> >
> > "Michael" <mike@unixhideout.com> wrote:
> >> Sigh. I have had my website for well over a few years now. I am very
> >> upset with the internet and where it is going due to the fact that
> >> there are so many children on it whose parents don't know how to do
> >> their jobs and they allow their children to perform DoS attacks and
> >> god only knows what else on daddy's fast connection. The internet
> >> falls the perfect place for every child/grownup who was/is pushed
> >> around in school, the unpopular kids no one likes, the fat kid in
> >> class and the guys that can't even get laid to go online and be "the
> >> man" behind the monitor. It is the only place they can go and be
> >> "something in power". As lame as that is, this must be how they look
> >> at it in their sick mind. I have been dossed many times. Here's the
> >> latest. I go to
> >>
> >> http://www.unixhideout.com/server-status which you can also look at
> >> if it actually loads for you.. and I see around 80-100 of these 24/7
> >>
> >> 1-0 50860 1/4/4 K  0.40 10 1134 0.0 0.00 0.00  24.67.253.203
> >> www.unixhideout.com GET / HTTP/1.1
> >>
> >> all from different (at least 100 IPs) over and over again, bringing my
> >> server to its knees. As I said previously, I have been dossed by the
> >> nobodies many times and it usually just goes away. This has been going
> >> on since January first. I am running IPFW with very strict rules, on
> >> FreeBSD 4.7. IPFW does me no good because I am allowing the port they
> >> are abusing (80). Due to the last DoS attack and my few hours'
> >> research I have the following options already in my rc.conf
> >>
> >> tcp_extensions="NO"
> >> tcp_keepalive="YES"
> >> tcp_restrict_rst="YES"
> >> icmp_bmcastecho="NO"
> >> icmp_drop_redirect="YES"
> >> firewall_enable="YES"
> >> firewall_script="/etc/rc.firewall"
> >> firewall_type="custom"
> >> firewall_quiet="NO"
> >> firewall_logging_enable="YES"
> >> log_in_vain="YES"
> >>
> >> I'm sure you can notice some mistakes. I try to keep the research on
> >> this lame shit to a minimum as it does not interest me to learn how to
> >> hurt other people. Please help me get the best out of this immature
> >> child and continue my website, which is a complete gift to FreeBSD and
> >> its community, not that you owe me a god damn thing but you understand
> >> what I mean.. I have dealt with this many times. As soon as my site
> >> gets big and I have a lot of users in IRC, some little jealous network
> >> comes along and destroys what I worked on. The last time this happened
> >> my ISP shut ME off because it took out one of their facilities.
> >> --
> >> Mike
> >> mike@unixhideout.com
> >>       The unixhideout network,
> >>        http://www.unixhideout.com
> >>    need to get ahold of me?
> >>  finger mike@unixhideout.com
> >>
> >>
> >> -----------------------------------------
> >> Free, secure and stable email from UnixHideout
> >>    "The UnixHideout network"
> >> http://www.unixhideout.com/
> >>
> >>
> >>
> >> To Unsubscribe: send mail to majordomo@FreeBSD.org
> >> with "unsubscribe freebsd-questions" in the body of the message
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message



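The "look for patterns among the incoming IPs (and block them, at least temporarily)" step from the reply above, as an added example that is not part of the original thread: it tallies clients holding repeated `GET /` slots in server-status style lines and drafts ipfw deny rules for review without running them. The function names, sample rows (RFC 5737 documentation addresses), threshold and rule numbers are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample lines are constructed (RFC 5737
# documentation addresses) in the column layout of the quoted server-status row.
sample_status() {
cat <<'EOF'
1-0 50860 1/4/4 K 0.40 10 1134 0.0 0.00 0.00 198.51.100.7 www.example.org GET / HTTP/1.1
2-0 50861 0/9/9 K 0.31 12 980 0.0 0.00 0.00 192.0.2.10 www.example.org GET / HTTP/1.1
3-0 50862 0/2/2 W 0.12 0 0 0.0 0.00 0.00 203.0.113.9 www.example.org GET /docs/ipfw.html HTTP/1.1
4-0 50863 1/7/7 K 0.55 9 1201 0.0 0.00 0.00 198.51.100.7 www.example.org GET / HTTP/1.1
5-0 50864 0/3/3 K 0.20 11 1100 0.0 0.00 0.00 192.0.2.10 www.example.org GET / HTTP/1.1
6-0 50865 0/1/1 K 0.05 14 870 0.0 0.00 0.00 203.0.113.5 www.example.org GET / HTTP/1.1
7-0 50866 2/5/5 K 0.44 8 1090 0.0 0.00 0.00 198.51.100.7 www.example.org GET / HTTP/1.1
8-0 50867 0/6/6 W 0.09 0 0 0.0 0.00 0.00 192.0.2.10 www.example.org GET /faq.html HTTP/1.1
9-0 50868 1/8/8 K 0.38 10 1150 0.0 0.00 0.00 198.51.100.7 www.example.org GET / HTTP/1.1
10-0 50869 0/4/4 K 0.27 13 940 0.0 0.00 0.00 192.0.2.10 www.example.org GET / HTTP/1.1
EOF
}

# Print "count ip" for each client holding at least $1 slots whose request
# is exactly "GET / HTTP/x", busiest first. Other requests are not counted.
repeat_clients() {
    awk -v min="$1" '
        NF >= 3 {
            ip = ""
            # The client column is the first dotted-quad field on the row.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { ip = $i; break }
            if (ip != "" && $(NF-2) == "GET" && $(NF-1) == "/" && $NF ~ /^HTTP\//)
                n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Turn "count ip" lines into temporary deny rules for port 80. The rules are
# only printed so they can be reviewed; rule numbers start at $1.
draft_ipfw_rules() {
    awk -v num="$1" '{ printf "ipfw add %d deny tcp from %s to any 80\n", num, $2; num += 10 }'
}

sample_status | repeat_clients 3 | draft_ipfw_rules 1000
```

With around 100 source addresses, as described in the quoted post, the per-address count may stay low, so the threshold needs to be chosen against normal traffic for the site before any drafted rule is applied.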