Re: dDoS attacks
francisco (firstname.lastname@example.org) wrote:
> Han wrote:
> > So my suggestion would be to put in triggers in pf that would go off
> > at certain levels that would indicate a ddos, after which logging
> > and return-rst is disabled. Perhaps pflog could go in another mode
> > that gathers much less detailed info.
> this may lead to an attacker DDoS'ing your firewall so as to break
> into your network while no/few logs are being kept. seems very risky;
> it's safer to have a slow network on which you know what's happened
> than a fast network on which you don't.
Ahem. I could not even do anything in a console. I had to pull out the
plug. And within 5 minutes my /var partition was full. Can't imagine
that that can be useful.
I had all the logs I ever wanted of this attack and a lot more. And I
had to get online again and be able to use my machine. And to rid the
#openbsd-channel of that pest.
Of course I am not suggesting a permanent stop of logging.
Looks like you never have been ddossed.