From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: Watched a DDoS attack for hours and couldn't do much :S
Date: Mon, 27 Nov 2006 12:57:26 -0600
Message-ID: <456B3516.8060309@riverviewtech.net>
In-Reply-To: <1164647806.21896.18.camel@srv1.iihs.net>

AntiProxy wrote:
> Actually, it's an external attack, apparently from a whole bunch of
> compromised machines..

Do you have any idea who initiated the attack and / or why?

> One thing I thought of was to pipe tcpdump's output into a couple awks
> and seds and generate IPTABLE rules on the fly..

Something you might consider would be to look at either how the ULog daemon
works, or possibly NetLink (CONFIG_IP_NF_QUEUE) directly.  Either way, I
believe it would be possible to write a daemon that can have the kernel
communicate which packets it is seeing that are not already (explicitly)
processed by IPTables rules and then use a different method (NetFilter
APIs?) to dynamically update the firewall rule(s) on the fly.

I have no experience in this area, probably evident by using the wrong terms
/ names for the existing resources to communicate with the kernel.  However
I think there is at least a direction to go with this.  If you would like
help developing such, I'm willing to try to help.



Grant. . . .
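
An added example, not part of Grant's message or of any netfilter code: the decision logic a daemon like the one described above would need, in Python. It swaps the ULOG/netlink feed for kernel LOG-target style text lines (constructed here), and the window, threshold, allowlist and helper names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque

SRC_RE = re.compile(r"\bSRC=(\S+)")   # source field of a kernel LOG-target line
ALLOWLIST = {ipaddress.ip_address("192.0.2.1")}  # assumed: hosts that must never be blocked

# Constructed sample input: (unix_time, log line). Addresses are documentation ranges.
def _line(src, sport):
    return f"IN=eth0 OUT= SRC={src} DST=198.51.100.10 PROTO=TCP SPT={sport} DPT=80 SYN"

SAMPLE = sorted(
    [(1000 + i, _line("203.0.113.7", 4000 + i)) for i in range(6)]      # burst
    + [(1003 + i, _line("192.0.2.1", 6000 + i)) for i in range(8)]      # allowlisted burst
    + [(1001, _line("198.51.100.99", 5000)), (1030, _line("198.51.100.99", 5001)),
       (1002, _line("not-an-ip", 1))],                                   # slow source, bad field
    key=lambda e: e[0])

def sources_to_block(events, window=10, threshold=5):
    """Return addresses, in detection order, seen more than `threshold` times in `window` seconds."""
    recent = defaultdict(deque)          # source -> timestamps still inside the window
    blocked = []
    for ts, line in events:
        m = SRC_RE.search(line)
        try:
            src = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:               # never pass unvalidated log text to a firewall command
            src = None
        if src is None or src in ALLOWLIST or src in blocked:
            continue
        q = recent[src]
        q.append(ts)
        while q and q[0] <= ts - window:  # expire timestamps older than the window
            q.popleft()
        if len(q) > threshold:
            blocked.append(src)
            del recent[src]
    return blocked

def block_commands(addresses, chain="INPUT"):
    """Render, without executing, one DROP rule per address as an argv list."""
    return [["ip6tables" if a.version == 6 else "iptables",
             "-I", chain, "-s", str(a), "-j", "DROP"] for a in addresses]

if __name__ == "__main__":
    for argv in block_commands(sources_to_block(SAMPLE)):
        print(" ".join(argv))
```

Because the source address of a flood packet can be forged, the allowlist check is what keeps an automatic blocker from being steered into dropping hosts you depend on.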