nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: "Dick St.Peters" <stpeters () NetHeaven com>
Date: Tue, 17 Sep 1996 14:51:05 -0400
George Herbert writes:
> Simple for Livingstons... create a filter "internet.out"
> Contents: three lines for each net block you have:
>
>     permit 1.2.3.4/20 tcp
>     permit 1.2.3.4/20 udp
>     permit 1.2.3.4/20 icmp

Actually, a single "permit 1.2.3.4/20" line will do. In Livingston
command line syntax:

    set filter internet.out 1 permit 1.2.3.4/20

> final line to log (optional) MUST COME AFTER permit list for netblocks:
>
>     deny log
>
> The final line will have the router syslog a message any time
> someone tries to send from an address outside your blocks, as
> defined in the rest of the filter. This is optional. Keep in mind
> that the panix attack would probably have flooded your syslog
> machine's disk space with syslog info in this case. Hardening
> that is an issue for another day, however.

Logging denies will fill up your log anyway. Packets arriving for a
dialup user after he/she hangs up fall through to the default route
back out of the box. They are then _outbound_ packets with source
address off the network and destination address on the network.

Dialup providers who want to log denies based on a source address
being on their network should have a preceding unlogged deny based on
the destination address being on their network:

    set filter internet.out 1 permit 1.2.3.4/20
    set filter internet.out 2 deny 0.0.0.0/0 1.2.3.4/20
    set filter internet.out 3 deny log

--
Dick St.Peters, Gatekeeper, Pearly Gateway, Ballston Spa, NY
stpeters () NetHeaven com    Owner, NetHeaven 518-885-1295/800-910-6671
Albany/Saratoga/Glens Falls/North Creek/Lake Placid/Blue Mountain Lake
First Internet service based in the 518 area code
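Added example, not part of the original message or of Livingston's software: a small first-match simulation of the outbound filter discussed above, comparing the two-rule form (permit, then deny log) with the three-rule form that puts an unlogged destination-based deny before the logged deny. The 198.51.100.0/24 provider block, the packet list and the function names are constructed for illustration, and the implicit deny at the end is an assumption of the simulation.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
OWN = ipaddress.ip_network("198.51.100.0/24")  # constructed stand-in for the provider's net block

# Each rule: (action, source net, destination net, log?). First match wins.
TWO_RULE = [
    ("permit", OWN, ANY, False),   # sources inside our block may leave
    ("deny",   ANY, ANY, True),    # everything else is denied and logged
]
THREE_RULE = [
    ("permit", OWN, ANY, False),
    ("deny",   ANY, OWN, False),   # unlogged: traffic for our own block bouncing back out
    ("deny",   ANY, ANY, True),    # what is left has a source off our network: log it
]

def evaluate(rules, src, dst):
    """Return (action, logged) for one outbound packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, log in rules:
        if s in src_net and d in dst_net:
            return action, log
    return "deny", False  # assumed implicit deny when no rule matches

# Constructed outbound packets as the filter would see them: (source, destination)
PACKETS = [
    ("198.51.100.20", "192.0.2.10"),    # ordinary customer traffic
    ("192.0.2.10",    "198.51.100.77"), # late packet for a hung-up dialup user, default-routed back out
    ("192.0.2.44",    "198.51.100.78"), # another late packet for a hung-up dialup user
    ("203.0.113.7",   "192.0.2.10"),    # source outside our block leaving our network
]

def summarize(rules, packets):
    """Return (packets forwarded, packets that generated a log entry)."""
    forwarded = logged = 0
    for src, dst in packets:
        action, log = evaluate(rules, src, dst)
        forwarded += action == "permit"
        logged += log
    return forwarded, logged

if __name__ == "__main__":
    print("two-rule   (forwarded, logged):", summarize(TWO_RULE, PACKETS))
    print("three-rule (forwarded, logged):", summarize(THREE_RULE, PACKETS))
```

Both filters forward the same traffic; only the three-rule form keeps the hung-up-user packets out of the log, so the remaining log entries are packets leaving with a source address outside the block.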