[ale] protection from TCP DOS attacks
Nick Lucent
nlucent at mindspring.com
Sat Jun 5 20:25:45 EDT 1999
On Sat, 5 Jun 1999, Joe Bayes wrote:
>
>
> I have five machines connected directly to an ISP (no firewall)
> through a DSL line. I suspect that I'm being attacked, probably by
> ping flood or something, from a specific site from time to time, but I
> haven't been able to get any concrete evidence. I am running RH6, with
> tcp wrappers installed and tcp syncookies enabled.
>
> 1) Is there any attack other than a ping flood which would cause this,
> but would leave no trace in /var/log/messages?

There are a bunch of them, depending on what kernel version you are running.
Go to www.rootshell.com

> 2) Is it possible to turn off a specific site's ability to ping my
> machine, short of my calling up my ISP and having them reconfigure
> their router? I can't seem to find a daemon or an entry in
> inetd.conf...what is it that takes care of responding to pings?
> Rootshell.com simply suggests reconfiguring your router to drop all
> packets from that address, but I would rather take care of it on my
> own if possible.

You can drop the route with ipchains or ipfwadm.

> 3) Failing the above, is there some way to log these attacks, so I can
> be sure that they're actually happening and aren't just somebody
> ftping a large file somewhere?

You can get the tcp daemons; they log everything by IP, but if they are
locking up your machine it probably won't get logged (because the machine's
locked up =)

Nick

>
> Information or pointers to information would be welcome. Thanks.
>
> --joe
>
...Buzz Lukens took that fateful step...
-- Vice President Dan Quayle confusing the sexual
assaulter/congressman with Astronaut Buzz Aldrin.
Ok, I won't open it until then
-- Vice President Dan Quayle after having been
presented with an empty box that was to contain
a gift from a sailing team in South America.
He was told that the gift was not ready yet,
but that it would be presented to him when they
arrived in the United States.
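
An added example, not part of the original message: one way to get the evidence asked for in question 3 is to have an ipchains rule log ICMP echo requests and then count them per source. The script assumes the kernel's `Packet log:` line format written by `ipchains -l`; the addresses are documentation placeholders, the log lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# A rule of this shape produces such entries on a 2.2 kernel (source is a placeholder):
#   ipchains -A input -p icmp --icmp-type echo-request -s 192.0.2.10 -l -j DENY

# Constructed sample of syslog lines in the ipchains "Packet log:" format.
# For ICMP, the number after the source address is the ICMP type (8 = echo request).
sample_log() {
cat <<'EOF'
Jun  5 20:01:10 host kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.10:8 198.51.100.5:0 L=84 S=0x00 I=4101 F=0x0000 T=52
Jun  5 20:01:10 host kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.10:8 198.51.100.5:0 L=84 S=0x00 I=4102 F=0x0000 T=52
Jun  5 20:01:11 host kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.10:8 198.51.100.5:0 L=84 S=0x00 I=4103 F=0x0000 T=52
Jun  5 20:01:11 host kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.10:1042 198.51.100.5:21 L=60 S=0x00 I=4104 F=0x4000 T=52
Jun  5 20:01:12 host kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.10:8 198.51.100.5:0 L=84 S=0x00 I=4105 F=0x0000 T=52
Jun  5 20:01:13 host kernel: Packet log: input DENY eth0 PROTO=1 203.0.113.7:8 198.51.100.5:0 L=84 S=0x00 I=977 F=0x0000 T=240
Jun  5 20:01:14 host kernel: Packet log: input ACCEPT eth0 PROTO=1 203.0.113.7:0 198.51.100.5:0 L=84 S=0x00 I=978 F=0x0000 T=240
EOF
}

# Read log lines on stdin; print "<count> <source>" for ICMP echo requests only,
# busiest source first. TCP traffic (e.g. an FTP transfer) and other ICMP types are skipped.
count_echo_by_source() {
  awk '
    /Packet log:/ {
      proto = ""; src = ""
      for (i = 1; i < NF; i++)
        if ($i ~ /^PROTO=/) { proto = substr($i, 7); src = $(i + 1) }
      if (proto != "1") next                  # not ICMP
      n = split(src, parts, ":")
      if (n == 2 && parts[2] == "8") count[parts[1]]++
    }
    END { for (ip in count) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Print only the sources with at least $1 logged echo requests.
flood_suspects() {
  count_echo_by_source | awk -v t="$1" '$1 >= t { print $2 }'
}

sample_log | count_echo_by_source
```

On a live system the input would be the file that receives kernel messages (the thread mentions /var/log/messages) instead of `sample_log`.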