how to know if i'm under flood?

James Bowman Sineath, III sineathj1 at citadel.edu
Sat Aug 27 22:48:17 GMT 2005


In response to your first question, I would highly recommend setting up a 
verbose firewall if you have not already done so. Personally, I use ipfw but 
there are a variety of options available to you (pf/ipf/ipfw/ipfw2), so 
check out the handbook and figure out which one you want to use. Doing this 
is a vital step in preventing attacks and keeping track of the connections 
on your system. There are also a variety of sysctl variables that can help 
in handling DoS attacks, if you find yourself being flooded on a regular 
basis then you may want to play with some of them.

There are a variety of ways to watch for DoS attacks and floods, but setting 
up a firewall is a vital part of that. If you need any help doing so then 
feel free to ask and I would be happy to help (however I am only familiar 
with ipfw and ipf) but be sure to read the handbook first.

> And how exactly use netstat for this purpose? I see many options in
> man pages.

try netstat -a. I've never used netstat for this purpose but I believe that 
may work, it will list all of your current connections. If you have a lot of 
them then you are probably being DoS'd.

Bow Sineath
Class of 2006, the Citadel
sineathj1 at citadel.edu - bow.sineath at gmail.com



More information about the freebsd-questions mailing list