[ previous ] [ next ] [ threads ]
 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] M0n0wall and DOS attacks ?
 Date:  Sun, 13 Aug 2006 12:12:50 -0500
From: "Bob Young" <bob at lavamail dot net>

> I'm not sure if WISP operators need to worry about DOS attacks or not? 
> If
> so, how do M0n0wall WISP operators here handle DOS attacks?

I had one not too long ago.  First, you router is the wrong place to handle 
it.  This is because by the time it gets to you, it has already used your 
bandwidth.  You need to work with the provider.  However, m0n0wall has very 
good logs, so it is easier.  During the attack, I had the providers NOC on 
the phone.  I would grab a chunk of logs and cut and past them in to a 
spread sheet.  Sort by IP address, and give ranges for the ISP to black hole 
on his router.

> Maybe a separate firewall capable of fending off DOS attacks, should be 
> used
> in conjunction with  M0n0wall?

Yes. The one in the NOC of your ISP.  A DOS attack works by filling the pipe 
between you and the ISP.

> Maybe I'm overly worried about DOS attacks and WISP operators don't run 
> into
> DOS attacks all that often?

Not too often...  Commercial accounts with websites more often, but still