Date:      Mon, 6 Jan 2003 00:21:39 -0700
From:      <soralx@cydem.zp.ua>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: DDoS attacks, packets captured ... not sure what to do.
Message-ID:  <200301060021.39502.soralx@cydem.zp.ua>
In-Reply-To: <3E192770.43B3D489@mindspring.com>
References:  <20030105145150.N80512-100000@mail.econolodgetulsa.com> <200301052332.59925.soralx@cydem.zp.ua> <3E192770.43B3D489@mindspring.com>

> Another useful thing to do is limit the number of connections per
> second from a given source IP address, and to limit the total number
> of connections "in progress" from a given IP address.

I doubt that all the packets are sent from one real IP. But, I think,
it may be possible to determine the IP of an attacker, because it's
not just a DoS attack. He may use other methods later. I am almost
sure he tried to scan ports earlier, probably with `nmap -v -O` to
determine the OS, and now he knows what packets to send.
BTW, what were the UDP packets for? Scanning?

06.01.2003; 00:14:26
[SorAlx]  http://cydem.zp.ua/
