Ok, understood - but the point is, at some point the attackers are going to realize that their syn floods are no longer hurting me ... and regardless of what they conclude from this, what is the standard "next step" ? If they are just flooders/packeteers, what do they graduate to when syn floods no longer do the job ?
thanks!

On Fri, 10 Jan 2003, Jess Kitchen wrote:

> On Fri, 10 Jan 2003, Josh Brooks wrote:
>
> > My goal is to protect my FreeBSD firewall. As I mentioned, now that I
> > have closed off everything to the victim except the ports he is actually
> > running services on, everything is great! The firewall is just fine -
> > even during a big syn flood, because it just drops all the packets that
> > aren't going to legitimate ports.
> >
> > So my question is, what will they do next ? When they nmap the victim and
> > they see all the ports are closed, what will they move to then ?
>
> Josh,
>
> If your firewall is correctly dropping packets they won't see closed ports
> at all, unless you are sending tcp resets for everything (which would be
> silly heh)
>
> Have you had a look at man blackhole yet? That usually proves to be quite
> a pain when running generic-ish stuff along the lines of -sS -F or
> whatever.
>
> Cheers,
> J.
>
> --
> Jess Kitchen <[EMAIL PROTECTED]>
> http://www.burstfire.net/