> With the help of people in this group I have largely solved my problems - > by simply placing in rules to drop all packets except the ones going to > ports/services that are actually in use on the destination, I have found > that even during a large attack (the kinds that used to cripple me) I have > no problems at all - a lot of packets simply get dropped and that's that. > > But, I am concerned ... I am concerned that the attacks will simply > change/escalate to something else. > > If I were a script kiddie, and I suddenly saw that all of my garbage > packets to nonexistent ports were suddenly being dropped, and say I nmap'd > the thing and saw that those ports were closed - what would my next step > be ? Prior to this the attacks were very simply a big SYN flood to random > ports on the victim, and because of the RSTs etc., all this traffic to > nonexistent ports flooded the firewall off. > > So what do they do next ? What is the next step ? The next level of > sophistication to get around the measures I have put into place (that have > been very successful - I have an attack ongoing as I write this, and it > isn't hurting me at all) > > ------- > > I am hoping that the answer is "same attack, but bigger - more bandwidth, > in an attempt to saturate your pipe" because the victims ae low profile > enough that it is unlikely enough people could pool enough resources to > make this happen. But then again, maybe there is something sophisticated > that a small attacker could do - and that is what I am trying to figure > out and prevent before it happens. What is your goal? To protect your router or to protect your client? This is a big difference. And may be police is best way for both in long term.
To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
