[ale] protection from TCP DOS attacks
Joe Bayes
jbayes at bronze37.mminternet.com
Sat Jun 5 18:01:22 EDT 1999
I have five machines connected directly to an ISP (no firewall)
through a DSL line. I suspect that I'm being attacked, probably by
ping flood or something, from a specific site from time to time, but I
haven't been able to get any concrete evidence. I am running RH6, with
tcp wrappers installed and tcp syncookies enabled.

1) Is there any attack other than a ping flood which would cause this,
but would leave no trace in /var/log/messages?

2) Is it possible to turn off a specific site's ability to ping my
machine, short of my calling up my ISP and having them reconfigure
their router? I can't seem to find a daemon or an entry in
inetd.conf...what is it that takes care of responding to pings?
Rootshell.com simply suggests reconfiguring your router to drop all
packets from that address, but I would rather take care of it on my
own if possible.

3) Failing the above, is there some way to log these attacks, so I can
be sure that they're actually happening and aren't just somebody
ftping a large file somewhere?

Information or pointers to information would be welcome. Thanks.

--joe