route add $attacker localhost - viable?
From: Tc (udgg@hotmail.com)
Date: 12/17/02
- Next message: those who know me have no need of my name: "Re: route add $attacker localhost - viable?"
- Previous message: Michal Jaegermann: "Re: Sudden activity on smtp port"
- Next in thread: those who know me have no need of my name: "Re: route add $attacker localhost - viable?"
- Reply: those who know me have no need of my name: "Re: route add $attacker localhost - viable?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: udgg@hotmail.com (Tc) Date: 16 Dec 2002 22:12:08 -0800
Hello!
Recently one of our sun boxes was attacked by a DDOS (snort identified
it as Whisker attack: ie: brute force dictionary attack). They (300
unique ips) were attempting to gain access to a secure area.
The box has SunScreen Lite on it. In the past, when I attempted to
add 500 ip's to the firewall (during an attack), the box was nearly
brought down while attempting to compile the rules. (and that won't
do!)
I've been told (and have even seen the odd comment posted) that you
can route them to /dev/null.
Is that what "route add $SomeIpAddress localhost" does?
It seemed to work-- all resources except the TCP stack (makes sense)
went back to normal.
Is there a better way to do this with "route add"?
My thanks to the group!
Udgg
"I'm just a caveman. Your world [of technology] frightens and confuses
me ... "
- Next message: those who know me have no need of my name: "Re: route add $attacker localhost - viable?"
- Previous message: Michal Jaegermann: "Re: Sudden activity on smtp port"
- Next in thread: those who know me have no need of my name: "Re: route add $attacker localhost - viable?"
- Reply: those who know me have no need of my name: "Re: route add $attacker localhost - viable?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
