On Sat, Jan 11, 2003 at 07:15:19AM +0300, "."@babolo.ru wrote:
> IMHO it is almoust impossible to touch
> properly configured router without
> open services on it.
Don't be silly. Routers are fragile little things compared to hosts, with
much less CPU and plenty of places to strike. Protecting yo
Thanks for your help - two last questions regarding this:
1. On a FreeBSD router/firewall, does it take more processing power to
respond to (and reset) a SYN to a target IP:port that is nonexistent than
it does to respond to a target IP:port that is in heavy use ?
that is, is there some caching
> On Sat, Jan 11, 2003 at 07:15:19AM +0300, "."@babolo.ru wrote:
> > IMHO it is almoust impossible to touch
> > properly configured router without
> > open services on it.
>
> Don't be silly. Routers are fragile little things compared to hosts, with
be correct... please
> much less CPU and plent
> On Thu, Jan 09, 2003 at 10:21:52AM -0800, Josh Brooks wrote:
> >
> > But, I am concerned ... I am concerned that the attacks will simply
> > change/escalate to something else.
> >
> > If I were a script kiddie, and I suddenly saw that all of my garbage
> > packets to nonexistent ports were sudd
Hi,
After reading some more documents on DoS attacks (namely
http://www.e-gerbil.net/ras/projects/dos/dos.txt ) I have found that there
are two nice mechanisms to thwart a large number of ack and syn floods.
First, it turns out (from the paper I mention above) that most of the SYN
flood tools ou
> Thanks for your help - two last questions regarding this:
>
> 1. On a FreeBSD router/firewall, does it take more processing power to
> respond to (and reset) a SYN to a target IP:port that is nonexistent than
> it does to respond to a target IP:port that is in heavy use ?
>
> that is, is there
Brett Glass wrote:
> >mpd can do both pppoe and pptp.
>
> I've tried mpd, and its PPTP seems to be incompatible with
> XP and with some Macs. (It doesn't die completely, but runs
> at a crawl.) If it worked (and if the scripting language
> were more robust) I'd switch to it in a second!
That bug
At 06:38 PM 1/11/2003, Archie Cobbs wrote:
>That bug has been fixed, in sys/netgraph/ng_pptpgre.c revisions
>1.26 and 1.2.2.13.
Excellent! In that case, the only other thing I need to be able
to use it just about everywhere is to be able to trigger shell commands
at various points in the scripts
