Re: FreeBSD DDoS protection
Please read the rest of the thread before criticizing.
On Feb 13, 2013, at 9:58 AM, "Matthew X. Economou" <xenophon@irtnog.org> wrote:
> khatfield@s... Writes:
>>
>> The less you do with the firewall (routing/blocking/inspecting) the
>> better.
>>
>> Drop drop drop ;)
>
> I think this is really bad advice. A firewall should return
> destination-unreachable/reset packets for administratively prohibited
> traffic types. Drops, null routes, etc. should only be used in case of
> emergency like ongoing DoS attacks or for special cases like stealth
> firewalls.
>
> --
> I FIGHT FOR THE USERS
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 14 之 14 篇):