Re: (PM) DoS attack

Kelley L. (redhat@cococo.net)
Tue, 24 Feb 1998 13:06:18 -0500 (EST)

On Tue, 24 Feb 1998, Doug Ingraham wrote:

> the ethernet interface that fixes it perfectly.
>
>
> add filter e.out
> set filter e.out 1 permit Assigned_Address/27
> set filter e.out 2 permit Ether0_Address/32
> set filter e.out 3 deny
> set ether0 ofilter e.out
> save all
>
>
> Where the Assigned_Address is that portmaster's Assigned Address pool and
> Ether0_Address is the host address of that portmaster. I will usually
> test the filter by replacing line 3 with permit log instead of deny. If
> you want to see what you are denying you can use deny log for line 3. You
> need two permit lines on a PM-3 for the Assigned pool, and if you are using
> Radius to allocate statics or routing networks you need to permit those
> as well.
>
> It is notable that you don't even need a DOS attack to notice bouncing
> packets. They can come from web servers that like to push things at your
> customers after they have disconnected for many minutes. I have seen this
> go on for 11 minutes when I was investigating it.
>
> In any case, this is a perfectly acceptable workaround and does the job
> almost as well as having it built in would.
>

My week for questions on filters, I guess. But, in the above filter
setup, if you have customers that call in that are assigned static IPs or
customers that are assigned subnets, it won't let them out, will it?

As I stated last night, I usually set a static route in the PM3 with a
metric of 15 that routes to an ip address where nothing is.

For example, a PM3 ether0 addr at 192.168.1.1 with assigned pool address
192.168.2.16, pool size 48 or whatever.

I add a route like so:

add route 192.168.2.0/24 192.168.1.3 15

192.168.1.3 is just an empty hole; there is nothing at 192.168.1.3 at
all.

Is there any problem with doing it this way? Will it solve the above
problem and not cause problems? I'm not arguing the best way to do
anything, just wanting to make sure what I am doing is OK. I put this on
each PM3 that is running OSPF to cover the assigned pool.

later
Kelley
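
The following is an added example, not code from the list post or from Livingston: a small Python model of the two approaches discussed above (the e.out output filter from the quoted post and the black-hole route from this reply), using the addresses in the message (ether0 192.168.1.1, pool 192.168.2.16 with 48 addresses, empty hole 192.168.1.3). It assumes, as a modelling choice rather than a fact about PortMaster syntax, that a filter rule naming a single address matches the packet's source address on a first-match basis and that an unmatched packet is denied; the upstream default gateway 192.168.1.254 and the serial port name "S1" are constructed; a next hop that never answers ARP is modelled as a drop. It also generalizes the quoted "two permit lines on a PM-3" remark by computing the CIDR blocks a pool of any size needs, and it exercises the concern raised above about static customers outside the pool.

```python
# Added example (not from the list post): a small model of the two fixes
# discussed in the thread, so the filter-vs-route trade-off can be checked.
# Assumptions, not taken from the message: a PortMaster filter rule that names
# a single address is modelled as matching the packet's SOURCE address on a
# first-match basis; the upstream default gateway is a constructed address;
# a next hop that never answers ARP (the "empty hole") is modelled as a drop.
from ipaddress import ip_address, ip_network, summarize_address_range

ETHER0 = "192.168.1.1"       # PM3 ether0 address from the message
UPSTREAM = "192.168.1.254"   # constructed: default gateway on the ethernet
BLACKHOLE = "192.168.1.3"    # the "empty hole" next hop from the message


def pool_prefixes(first, size):
    """Minimal CIDR blocks covering `size` addresses starting at `first`.
    A 48-address pool does not fit one /27, which is why the quoted post
    needs two permit lines for the assigned pool on a PM-3."""
    start = ip_address(first)
    return list(summarize_address_range(start, start + size - 1))


def build_e_out(pool_first, pool_size, ether0=ETHER0):
    """The e.out filter from the quoted post: permit pool sources, permit the
    PM's own ether0 address, deny everything else."""
    rules = [("permit", net) for net in pool_prefixes(pool_first, pool_size)]
    rules.append(("permit", ip_network(f"{ether0}/32")))
    rules.append(("deny", None))          # rule 3: catch-all (None = any source)
    return rules


def filter_action(rules, src):
    """First matching rule decides; no match is treated as deny."""
    src = ip_address(src)
    for action, net in rules:
        if net is None or src in net:
            return action
    return "deny"


# Routing table entries: (network, next_hop, interface, metric)
def base_routes(blackhole):
    routes = [(ip_network("0.0.0.0/0"), UPSTREAM, "ether0", 1)]
    if blackhole:
        # Kelley's "add route 192.168.2.0/24 192.168.1.3 15"
        routes.append((ip_network("192.168.2.0/24"), BLACKHOLE, "ether0", 15))
    return routes


def connect_user(routes, addr, port):
    """A dialled-in user gets a /32 host route to the serial port; being more
    specific than the /24 black hole, it wins longest-prefix match."""
    return routes + [(ip_network(f"{addr}/32"), None, port, 1)]


def lookup(routes, dst):
    """Longest prefix wins; on a tie the lower metric wins."""
    dst = ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))


def dispose(routes, rules, src, dst):
    """Fate of a packet arriving from upstream for `dst` (src is the sender).
    Returns 'delivered', 'blackholed', 'filtered', 'bounced' or 'unroutable'."""
    route = lookup(routes, dst)
    if route is None:
        return "unroutable"
    _net, next_hop, iface, _metric = route
    if iface != "ether0":
        return "delivered"               # user is online: off to the serial port
    if next_hop == BLACKHOLE:
        return "blackholed"              # ARP for a host that does not exist
    # Otherwise it heads back out ether0 toward the upstream router, which
    # would return it (the bouncing the thread describes) unless e.out stops it.
    if rules is not None and filter_action(rules, src) == "deny":
        return "filtered"
    return "bounced"


if __name__ == "__main__":
    e_out = build_e_out("192.168.2.16", 48)
    print([str(n) for n in pool_prefixes("192.168.2.16", 48)])
    # Kelley's concern: a static customer outside the pool is denied by e.out.
    print("static 192.168.5.7 ->", filter_action(e_out, "192.168.5.7"))
    for label, routes, rules in [
        ("no fix     ", base_routes(False), None),
        ("e.out      ", base_routes(False), e_out),
        ("black hole ", base_routes(True), None),
        ("user online", connect_user(base_routes(True), "192.168.2.17", "S1"), None),
    ]:
        print(label, dispose(routes, rules, "203.0.113.9", "192.168.2.17"))
```

Run as a script, it shows the pool splitting into 192.168.2.16/28 and 192.168.2.32/27, the static customer being denied by e.out, and the same inbound packet for a disconnected pool address being bounced with no fix, stopped by the filter, swallowed by the black-hole route, or delivered once the user's /32 host route appears. The black-hole route avoids the static-IP problem because it only acts on destinations inside the pool, whereas e.out judges every packet by its source.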


-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>