Re: flood attacks
From: Mike Silbersack (silby@silby.com)
Date: 09/27/01
Date: Thu, 27 Sep 2001 09:19:14 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Ronan Lucio <ronan@melim.com.br>

On Thu, 27 Sep 2001, Ronan Lucio wrote:
> Hi All,
>
> Sometimes I'm having troubles with somebody attacking
> my network by RST flood
>
> I have two questions:
>
> 1. My FreeBSD-4.3 only shows the message
> Limiting closed port RST response from 1800 to 200 packets per second.
> But it doesn't show the source IP of the attack. I already looked at
> /var/log/messages, security and ipfw files and I saw nothing about this.
> Does anybody know what option I should configure for FreeBSD to show
> me such IP?

When it says "Limiting closed port RST response", what this means is that
*your* response is being limited. They could be throwing almost any type
of packet at you. In order to detect what's happening, you could install
a network IDS such as snort, or take captures with tcpdump.

Note that if the attack is spoofed, tracing it back to its source may be
a lot of effort, and not worth it in this case. Others on this list can
probably tell you more info about how to go about this.

Mike "Silby" Silbersack
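
The tcpdump route suggested in the reply, as an added example that is not part of the original message: a shell function that tallies source address and packet type from `tcpdump -n` text output, so the traffic behind the rate-limit message can be identified. The helper names, the sample lines (constructed, documentation addresses) and the modern tcpdump line layout are assumptions.

```shell
#!/bin/sh
# Tally "who is sending what" from `tcpdump -n` text output on stdin.
# Assumed line layout (modern tcpdump):
#   TIME IP SRC.PORT > DST.PORT: Flags [S], seq ..., length 0
# summarize_sources and sample_capture are hypothetical helper names.
summarize_sources() {
    awk '
    $2 == "IP" && $4 == ">" {
        src = $3
        # TCP/UDP sources look like a.b.c.d.port; drop the port so that
        # one host probing many ports is counted as a single source.
        n = split(src, part, ".")
        if (n == 5) src = part[1] "." part[2] "." part[3] "." part[4]
        if ($6 == "Flags")     kind = "tcp" $7   # e.g. tcp[S],
        else if ($6 == "UDP,") kind = "udp"
        else if ($6 == "ICMP") kind = "icmp"
        else                   kind = "other"
        sub(/,$/, "", kind)                      # strip trailing comma
        count[src " " kind]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample capture: one host sending SYNs to closed ports on
# 198.51.100.5, one RST reply from that host, plus unrelated UDP and ICMP.
sample_capture() {
    cat <<'EOF'
09:19:14.000001 IP 192.0.2.10.4321 > 198.51.100.5.81: Flags [S], seq 1, win 512, length 0
09:19:14.000002 IP 192.0.2.10.4322 > 198.51.100.5.82: Flags [S], seq 2, win 512, length 0
09:19:14.000003 IP 192.0.2.10.4323 > 198.51.100.5.83: Flags [S], seq 3, win 512, length 0
09:19:14.000004 IP 198.51.100.5.83 > 192.0.2.10.4323: Flags [R.], seq 0, ack 4, win 0, length 0
09:19:14.000005 IP 203.0.113.7.53 > 198.51.100.5.9999: UDP, length 32
09:19:14.000006 IP 203.0.113.7 > 198.51.100.5: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Offline demo:  sample_capture | summarize_sources
# Live use (IFACE is a placeholder for your interface name):
#   tcpdump -n -c 5000 -i IFACE | summarize_sources
```

Each output row is count, source address, packet type. If the sources are spoofed, the tally spreads over many addresses with low counts instead of one dominant row.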