how to know if i'm under flood?
James Bowman Sineath, III
sineathj1 at citadel.edu
Sat Aug 27 22:48:17 GMT 2005
In response to your first question, I would highly recommend setting up a
verbose firewall if you have not already done so. Personally, I use ipfw, but
there are a variety of options available to you (pf/ipf/ipfw/ipfw2), so
check out the handbook and figure out which one you want to use. Doing this
is a vital step in preventing attacks and keeping track of the connections
on your system. There are also a variety of sysctl variables that can help
in handling DoS attacks; if you find yourself being flooded on a regular
basis, then you may want to play with some of them.

There are a variety of ways to watch for DoS attacks and floods, but setting
up a firewall is a vital part of that. If you need any help doing so, then
feel free to ask and I would be happy to help (however, I am only familiar
with ipfw and ipf), but be sure to read the handbook first.

> And how exactly do I use netstat for this purpose? I see many options in
> the man pages.

Try netstat -a. I've never used netstat for this purpose, but I believe that
may work; it will list all of your current connections. If you have a lot of
them, then you are probably being DoS'd.

Class of 2006, the Citadel
sineathj1 at citadel.edu - bow.sineath at gmail.com
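
Added example, not part of the original message: one way to turn the netstat
listing suggested above into numbers, by counting TCP connections per state and
per remote host. The function names, the threshold and the sample lines are
constructed for illustration, and the parser assumes FreeBSD's "address.port"
column layout.

```shell
#!/bin/sh
# Added example: summarise `netstat -an -p tcp` output (FreeBSD column layout).
# Reads netstat output on stdin and prints one line per TCP state, plus one
# line per foreign host holding at least $1 connections (assumed threshold).
conn_summary() {
    threshold="${1:-20}"
    awk -v limit="$threshold" '
        # Only TCP rows carry a state column; headers and UDP rows are skipped.
        $1 ~ /^tcp/ && NF >= 6 {
            state[$6]++
            if ($6 == "LISTEN") next      # listeners have no remote peer
            host = $5
            sub(/\.[0-9*]+$/, "", host)   # addr.port -> addr
            peer[host]++
        }
        END {
            for (s in state) printf "state %s %d\n", s, state[s]
            for (h in peer)
                if (peer[h] >= limit) printf "heavy %s %d\n", h, peer[h]
        }
    ' | sort
}

# Constructed sample input (documentation address ranges), not a real capture.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.80          198.51.100.7.51514     ESTABLISHED
tcp4       0      0 192.0.2.10.80          198.51.100.7.51515     ESTABLISHED
tcp4       0      0 192.0.2.10.80          198.51.100.7.51516     ESTABLISHED
tcp4       0      0 192.0.2.10.80          198.51.100.7.51517     TIME_WAIT
tcp4       0      0 192.0.2.10.22          203.0.113.5.40022      ESTABLISHED
tcp4       0      0 192.0.2.10.22          203.0.113.5.40023      ESTABLISHED
tcp4       0      0 *.80                   *.*                    LISTEN
udp4       0      0 *.514                  *.*
EOF
}

# Demo on the sample; on a live host: netstat -an -p tcp | conn_summary 50
sample_netstat | conn_summary 3
```

Run it periodically and compare against a quiet-hours baseline; what counts as
"a lot" of connections depends on the services the host normally carries.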