
Dealing With Spoofed Floods and DDoSes With OpenBSD

Okay, I've set up a little challenge for myself. I'm trying to prevent
distributed denial of service attacks with OpenBSD's Packet Filter, but
I'm not having very much luck. I thought that the line below would help,
but it doesn't.

pass in inet proto tcp from any to any \
flags S/SA keep state

Then I tried variations of the line below, trying different values for
the variables listed, but nothing seems to help.

port { 80, 6667, 22, 21, 5190 } flags S/SA synproxy state \
       (max 1, source-track rule, max-src-nodes 20, \
        max-src-states 1, tcp.established 300, tcp.closing 5)

Both of these rules would follow:
nat on xl0 from to any ->
block in all

and when I try the synproxy, I can't get anything to work from behind
the NAT, for example WWW.

Using hping2 in various ways (spoofing, decoy, etc.) always seems to get
past this.

Any ideas?

* Anthony
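A complete pf.conf in the pre-4.7 "nat on" syntax the post uses, added here as an example and not the poster's configuration: the interface names, the internal network and the service list are assumptions. It shows what a synproxy rule can and cannot do against a spoofed SYN flood: pf answers every SYN with its own SYN+ACK and only creates a state once the three-way handshake completes, so spoofed SYNs from hping2 never occupy a state entry (hping2 will still see SYN+ACK replies; that is the proxy working, not a failure). The per-source limits and the overload table require OpenBSD 3.7 or later. Note that the synproxy rule is scoped to the external interface and the firewall's own address; traffic from the LAN leaving through the NAT is matched by ordinary keep-state rules instead.

```pf
# Added example, not from the original post. Interfaces, the internal
# network and the service list are assumptions; adjust to your setup.
ext_if  = "xl0"
int_if  = "xl1"
int_net = "192.168.1.0/24"
tcp_services = "{ 21, 22, 80, 6667, 5190 }"

# Bound the state table so a flood cannot exhaust kernel memory.
set limit states 20000

# Sources that trip the per-source limits below are added here and
# blocked. Expire old entries from cron with:
#   pfctl -t bruteforce -T expire 3600
table <bruteforce> persist

# Cheap filtering of obviously spoofed packets: reserved source ranges
# on the external interface, and packets whose source address belongs
# to a network that is not routed over the interface they arrived on.
table <martians> const { 0/8, 10/8, 127/8, 169.254/16, 172.16/12, \
                         192.168/16, 224/4 }
block in quick on $ext_if from <martians> to any
block in quick on $ext_if from <bruteforce> to any
antispoof quick for { lo0, $int_if }

# Default deny, then NAT for the LAN.
block in all
block out all
nat on $ext_if from $int_net to any -> ($ext_if)

# LAN hosts going out through the NAT: plain stateful rules, no proxy.
pass in  on $int_if proto tcp from $int_net to any flags S/SA keep state
pass out on $ext_if proto tcp from ($ext_if) to any flags S/SA keep state
pass in  on $int_if proto { udp, icmp } from $int_net to any keep state
pass out on $ext_if proto { udp, icmp } from ($ext_if) to any keep state

# Services on the firewall itself, reachable from the Internet.
# synproxy completes the handshake before any state exists; the limits
# are per source address (source-track) and a source that exceeds them
# is moved to <bruteforce> and has its existing states flushed.
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services \
    flags S/SA synproxy state \
    (source-track rule, max-src-states 20, max-src-conn 10, \
     max-src-conn-rate 15/5, overload <bruteforce> flush global)
```

Two points about the rule options seen in the post: `max 1` is a limit on the total number of states the rule may create, not a per-source limit, so a rule carrying it serves exactly one connection at a time and every further connection through it is dropped; and a `pass in ... from any to any` rule with no interface applies to packets arriving on the internal interface as well, so the state options meant for the Internet side also constrain the LAN. None of this stops a spoofed flood from consuming link bandwidth and CPU for the SYN+ACK replies; pf can only keep the state table and the servers behind it out of reach.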

