Re: redirection to /dev/null
hi Matthew,
> > mulling around the issues of redirecting to /dev/null connections that
> > attempt to flood or DoS anyone implemented such an animal. reason
> > being is that if one can control the bw per session using say mtrg or
> > equiv obsd then one could do such a flip flop. anyone?
yes but AFAIK ipfw does not limit bandwidth.. per service and or session..
> If you installed ipfw you could limit the bandwidth per protocol.
need to double check that ..
> I would install iplog, to track any DoS issues that might arise.
yes iplog will log them until the system gets DoSed as does snort and so on..
this is not what i was after .. rather a true bandwidth limiter that limits ..
to per k per session and if it gets flooded redirects to /dev/null this
is what i was looking for else well most likely i will write one:-))
> Sep 15 13:52:53 bluemoon iplog[29514]: TCP: port scan detected
> [ports 1,2,3,4,5,6,7,8,9,10,...] from mail.reverse.net [ports
> 2319,2320,2321,2322,2323,...]
yes just like snort it detects them 'but' this does not choke them
really IMHO.. that looks like portsentry by psionic but it detects
trampling elephants attempting to fit into the eye of a needle;-))
not quite what i am after..thanks anyhow!
> You can get iplog from : http://ojnk.sourceforge.net/