Re: dDoS attacks

francisco (frisco@blackant.net) wrote:
> Han wrote: 
> > So my suggestion would be to put in triggers in pf that would go off
> > at certain levels that would indicate a ddos, after which logging
> > and return-rst is disabled. Perhaps pflog could go in another mode
> > that gathers much less detailed info.
> this may lead to an attacker DDoS'ing your firewall so as to break
> into your network while no/few logs are being kept. seems very risky;
> it's safer to have a slow network on which you know what's happened
> than a fast network on which you don't.

Ahem. I could not even do anything in a console. I had to pull out the
plug. And within 5 minutes my /var partition was full. Can't imagine
that that can be useful.

I had all the logs I ever wanted of this attack and a lot more. And I
had to get online again and be able to use my machine. And to rid the
#openbsd-channel of that pest.

Of course I am not suggesting a permanent stop of logging.

Looks like you never have been ddossed.

// Han
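
The trade-off argued in this thread, as an added example that is not from either poster and is not pf or pflog code: a logger that keeps full detail below a per-second threshold and, above it, keeps only per-source counts, so a flood cannot fill the disk but still leaves a record. The class name, threshold and sample traffic are assumptions constructed for illustration.

```python
from collections import Counter

class AdaptiveLogger:
    """Full detail up to `threshold` events per second; per-source counts beyond it."""

    def __init__(self, threshold):
        self.threshold = threshold
        self.window = None        # the one-second window currently being filled
        self.in_window = 0        # events seen in that window
        self.summary = Counter()  # events per source that were not logged in detail
        self.records = []         # stand-in for the log file on /var

    def _flush(self):
        # One line per flooded second replaces thousands of detail lines.
        if self.summary:
            top = ", ".join(f"{s}x{n}" for s, n in self.summary.most_common(3))
            total = sum(self.summary.values())
            self.records.append(
                f"{self.window} SUMMARY dropped_detail={total} top={top}")
            self.summary.clear()

    def log(self, ts, src, detail):
        sec = int(ts)
        if sec != self.window:
            self._flush()
            self.window, self.in_window = sec, 0
        self.in_window += 1
        if self.in_window <= self.threshold:
            self.records.append(f"{sec} DETAIL {src} {detail}")
        else:
            self.summary[src] += 1  # degraded mode: count only, never go silent

    def close(self):
        self._flush()
        return self.records

def demo():
    # Constructed traffic: quiet second, flooded second, quiet second.
    lg = AdaptiveLogger(threshold=10)
    for i in range(3):
        lg.log(100 + i / 10, "192.0.2.10", "tcp/22 SYN")
    for i in range(1000):
        lg.log(101 + i / 1000, f"198.51.100.{i % 5}", "tcp/80 SYN")
    for i in range(2):
        lg.log(102 + i / 10, "192.0.2.10", "tcp/22 SYN")
    return lg.close()

if __name__ == "__main__":
    print("\n".join(demo()))
```

In this run 1005 events produce 16 log lines, and detailed logging resumes on its own once the rate falls back under the threshold.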