From owner-freebsd-security Wed Dec 8 14:11:41 1999
Delivered-To: freebsd-security@freebsd.org
Received: from kerouac.deepwell.com (deepwell.com [209.63.174.12]) by hub.freebsd.org (Postfix) with SMTP id F2C84151FA for ; Wed, 8 Dec 1999 14:11:30 -0800 (PST) (envelope-from freebsd@deepwell.com)
Received: (qmail 10197 invoked from network); 8 Dec 1999 23:03:18 -0000
Received: from proxy.dcomm.net (HELO terry) (209.63.175.10) by deepwell.com with SMTP; 8 Dec 1999 23:03:18 -0000
Message-Id: <4.2.0.58.19991208141045.00d293f0@mail1.dcomm.net>
X-Sender: freebsd@mail.deepwell.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Wed, 08 Dec 1999 14:11:31 -0800
To: Mark Newton , freebsd-security@freebsd.org
From: Deepwell Internet
Subject: Re: What kind of attack is this?
In-Reply-To: <19991209083140.A7509@atdot.dotat.org>
References: <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com> <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > So how does one protect themselves against such an attack? I have an
> > Ascend Pipeline 50 router which I'm trying to sort out from the manuals a
> > way to use its filters and how it behaves if rules overlap (what I'm
> > thinking is trying to find a way to block all incoming UDP packets EXCEPT
> > the type which are known to be good).
>
>Get a FreeBSD box with two ethernet interfaces. Enable ipfw. Start
>with rules that look like this:
>
>    ipfw add pass udp from any GOODPORT to any in via OUTSIDE-INTERFACE
>    ipfw add deny udp from any to any in via OUTSIDE-INTERFACE
>    ipfw add pass all from any to any
>
>Of course, the ruleset you end up with will be more comprehensive
>than that, but it should give you an idea. Look at /etc/rc.firewall
>for more info.
>
>Alternatively buy a Cisco -- Ascends are toy routers, IMHO, with
>somewhat limited packet filtering abilities.
>
>    - mark

Not to mention Ascend's broken NAT implementation.
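
The quoted rules with their placeholders filled in, as an added example that is not part of the original thread: the interface fxp0 and UDP source ports 53 and 123 are assumed sample values. It prints the ipfw commands by default and runs them only when IPFW is set to the real binary.

```shell
#!/bin/sh
# Added example: fills in GOODPORT / OUTSIDE-INTERFACE from the quoted rules.
# fxp0 and ports 53/123 are assumed sample values, not taken from the thread.
OIF="${OIF:-fxp0}"                  # assumed outside interface
GOOD_PORTS="${GOOD_PORTS:-53 123}"  # assumed known-good UDP source ports
IPFW="${IPFW:-echo ipfw}"           # dry run by default; IPFW=/sbin/ipfw applies

# Accept only a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule bodies in evaluation order: one pass rule per good port,
# then the UDP deny, then the catch-all pass. ipfw stops at the first match,
# so the explicit rule numbers keep every pass rule ahead of the deny.
build_rules() {
    oif="$1"; shift
    case "$oif" in
        ''|*[!A-Za-z0-9_.]*) echo "bad interface: $oif" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }
    for p in "$@"; do          # validate everything before emitting anything
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    n=1000
    for p in "$@"; do
        echo "add $n pass udp from any $p to any in via $oif"
        n=$((n + 10))
    done
    echo "add $n deny udp from any to any in via $oif"
    echo "add 65000 pass all from any to any"
}

# Feed each rule to ipfw (or to echo in dry-run mode).
apply_rules() {
    rules=$(build_rules "$@") || return 1
    echo "$rules" | while read -r rule; do
        $IPFW $rule            # unquoted on purpose: one word per argument
    done
}

apply_rules "$OIF" $GOOD_PORTS
```

The pass rules match on source port only, which the sender chooses, so keep the list to ports the site actually depends on.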