Date:      Sat, 22 Jan 2000 00:16:09 -0800
From:      The Mad Scientist <madscientist@thegrid.net>
To:        freebsd-security@FreeBSD.org
Subject:   Re: TCP/IP
Message-ID:  <4.1.20000122001259.00973ea0@mail.thegrid.net>
In-Reply-To: <Pine.BSF.4.10.10001181136580.42481-100000@bsdie.rwsystems.net>
References:  <002801bf61de$b2663560$0900000a@server>

I also use these two options from LINT:

# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets.
# This is useful on systems which are exposed to SYN floods (e.g. IRC servers)
# or any system which one does not want to be easily portscannable.
#
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         TCP_RESTRICT_RST        #restrict emission of TCP RST

And of course, ICMP_BANDLIM

# ICMP_BANDLIM enables icmp error response bandwidth limiting.   You
# typically want this option as it will help protect the machine from
# D.O.S. packet attacks.
options         "ICMP_BANDLIM"

This is on a -stable machine.
-Dean

At 11:41 AM 1/18/00 -0600, you wrote:
>On Tue, 18 Jan 2000, Jonathan Fortin wrote:
>> I noticed that most of the firewalls out there don't cover protection e.g.,
>> on a denial of service attack, it should ignore the whole protocol
>> but only allow packets with 3k in length, etc.
>
>The only real DoS 'thing' I've noticed is the ICMP_BANDLIM to limit icmp
>error responses, which works fairly well. Most of the DoS stuff, IMHO,
>should be done at the router, and the one on the input-end of the link if
>you can. This protects the link as well as the host. Amplifiers can really
>overwhelm a link... Of course, if you are using FreeBSD as your router,
>this becomes very important on the host again, right Dennis?
>
>I would *love* to hear what others have done besides the usual ipfw rules.
>Thanks - Jy@
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message


