[ previous ] [ next ] [ threads ]
 From:  "Chet Harvey" <chet at pittech dot com>
 To:  "Matt McGuire" <mmcguire at o1 dot com>, "m0n0wall at lists dot m0n0 dot ch"
 Subject:  Rv: [m0n0wall] Stopping DoS attacks
 Date:  Sat, 22 May 2004 15:33:39 -0100
I too see (saw) a lot of junk in my logs from drone systems or people
scanning. What I did is just setup rules to drop and not log certain known
scans like from worms, etc.

--------- Mensagem Original --------
From: Matt McGuire <mmcguire at o1 dot com>
To: m0n0wall at lists dot m0n0 dot ch <m0n0wall at lists dot m0n0 dot ch>
Subject: [m0n0wall] Stopping DoS attacks
Date: 22/05/04 17:13

> At times I am getting a lot of activity in the firewall logs.  I assume
> this is a Dos attack with icmp?  Am I correct?  Also what is the best
> way to stop this from happening?  I do not let this traffic through,
> however the load on the firewall becomes so high that WAN access is
> slowed to a crawl. Below is one of many identical entries.
> 11:06:03.544257 sis1 @0:19 b -&gt; PR icmp len 20 56
> icmp timxceed/transit for - PR icmp len 20 56 icmp
> 3/2 IN
> Thanks,
> Matthew
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch