Re: Ping flood attacks

["Aaron D. Turner" <aturner best com>]

-----BEGIN PGP SIGNED MESSAGE-----


First, either from your logs or via a sniffer get the IP address of the
attacker (if possible- this may be a spoofed IP).  Find out what ISP the
*sshole is using and use whois to call their ISP.  Most ISP's will
terminate the account immediately.  Your ISP should be able to help track
the perp down.

Second, setup some ACL's to prevent people from pinging your box.  If you
can't your ISP should be able to do it for you.

Third, see if there is a fix for your MUD server to prevent it from being
attacked.  Things like TCP wrappers won't help you here.

Go to Red Hat's FTP site and upgrade *all* your RPM's.  Many have security
fixes.

Read the Security-HOWTO (part of the LDP).  Do what is says.

- -- 
Aaron Turner           | Either which way, one half dozen or another. 
aturner pobox com      | Check out the Red Hat Linux User's FAQ Online!
www.pobox.com/~aturner | http://www.pobox.com/~aturner/RedHat-FAQ/
All emails from this account are PGP signed.  Lack of a signature is "bad".
PGP Key fingerprint = FB E1 CE ED 57 E4 AB 80  59 6E 60 BF 45 1B 20 E8


On Mon, 7 Dec 1998, Ed Lazor wrote:

> 
> I help support a linux box (RedHat 5.2) that we used to run games off of.
> We had to ban someone because of problems.  They are striking back now by
> having one of their "hacker" friends ping flood our system.  The guy is also
> rebooting a mud that we run on the server from port 4000 and rebooting the
> machine itself every once in a while.  Is there something we can do?  How
> would you guys go about dealing with the menace?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNmy3xzM3jpXy1kJtAQF5GwQAvEMdv1T4BainMccNGUIAN6FHqsBNCYA3
+Kb0Nf6pSPjzs65CgFQTZ5RQIR3C4SxKoQaBSogNgW/l8NzZOv2VA4FtTgOPFOE5
1kdUUV/ifrQoF8MPiU8N5oZEmochO9zjXt5BtHk5EhrggLNFc7A9HdboqJvt3AVG
Naruu+vPnZE=
=GT2G
-----END PGP SIGNATURE-----