[aclug-L] Re: Denied connections

To: <discussion@xxxxxxxxx>
Subject: [aclug-L] Re: Denied connections
From: gLaNDix <glandix@xxxxxxxxxxxxxx>
Date: Mon, 27 Aug 2001 18:08:40 -0500 (CDT)
Reply-to: discussion@xxxxxxxxx

On Sun, 26 Aug 2001, John Alexander wrote:

> (read aggressive) policy towards NT/2000 server maintenance). Not a single
> one (and there are a few) Linux boxes were affected.

not 100% true as one may think...  my FreeBSD box goes in and out of
service because of all the traffic i'm getting...  Sure, the exploit
doesn't apply to *bsd/*nix but the resulting traffic *can* affect it (of
course if you've got some dang fast connection and a better box than my
486, you probably don't notice it! : ^ )

now for my question...  is there any better way to prevent the above DoS
from happening on my system than firewalling off ALL connections from
infected hosts (taken from my httpd-access.log file) and reporting them to
their respective ISP?  That's what I've done so far, and I haven't really
noticed much of a slow-down...  i'm getting NAILED by RR and shawcable
customers (shawcable wants me to report EACH IP SEPARATELY to them w/ the
corresponding log entry...  i've got over 300 hosts blocked!  ARG!)

any suggestions are MORE than welcome!!!
gLaNDix

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
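
The block-and-report workflow described in the message above, as an added example that is not part of the original post: it groups worm probes in an access log by source address, emits one firewall rule per host, and builds the per-IP evidence block an abuse desk asks for. Assumptions: Common Log Format, `ipfw` as the FreeBSD firewall, and a placeholder request signature (`/EXAMPLE-WORM-PROBE`) standing in for the worm's real request path; the function names and sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: Apache Common Log Format, as in a stock httpd-access.log.
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
PROBE = "/EXAMPLE-WORM-PROBE"  # placeholder: substitute the worm's real request path

# Constructed sample lines using documentation address ranges, not real log data.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Aug/2001:17:01:02 -0500] "GET /EXAMPLE-WORM-PROBE?XXXX HTTP/1.0" 404 276
198.51.100.7 - - [27/Aug/2001:17:01:05 -0500] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [27/Aug/2001:17:03:40 -0500] "GET /EXAMPLE-WORM-PROBE?XXXX HTTP/1.0" 404 276
203.0.113.99 - - [27/Aug/2001:17:04:11 -0500] "GET /EXAMPLE-WORM-PROBE?XXXX HTTP/1.0" 404 276
garbled line that does not parse
"""

def probes_by_host(lines, signature=PROBE):
    """Map source IP -> raw log lines whose request path starts with signature."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip truncated or malformed entries
        try:
            # The host field is untrusted input that ends up in a firewall
            # command, so accept only a literal IP address.
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue
        parts = m.group(3).split()
        if len(parts) >= 2 and parts[1].startswith(signature):
            hits[ip].append(line.rstrip("\n"))
    return dict(hits)

def ipfw_rules(hits, min_hits=1):
    """One deny rule per host seen at least min_hits times (ipfw is assumed)."""
    return [f"ipfw add deny tcp from {ip} to any 80"
            for ip in sorted(hits) if len(hits[ip]) >= min_hits]

def abuse_report(ip, entries):
    """Per-IP evidence block: the address, a count, and the matching log lines."""
    return f"Source: {ip}\nRequests: {len(entries)}\n" + "\n".join(entries)

if __name__ == "__main__":
    found = probes_by_host(SAMPLE_LOG.splitlines())
    print("\n".join(ipfw_rules(found)))
    for host in sorted(found):
        print("\n" + abuse_report(host, found[host]))
```

Raising `min_hits` keeps a single stray request from turning into a permanent block.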

