
[Full-Disclosure] OpenBSD protect windows update ?



Wouldn't something like this work in pf to prevent a SYN flood?



I'm no expert at this, so feel free to modify.


Assuming xl0 is windows.update.com
and xl1 is an internal network that serves the updates:



# assumption: the $ext_if used in the scrub rule refers to xl0
ext_if = "xl0"

# options
set loginterface xl0
set optimization aggressive
set block-policy drop
set limit { states 200000, frags 200000 }

# normalization
scrub in on $ext_if all fragment reassemble random-id

# translation
nat on xl0 from xl1 to any -> xl0
rdr on xl0 proto tcp from any to any port 80 -> xl1 port 8080

# filtering
block in proto tcp from any to any port 80 flags FUP/FUP
block in quick on xl0 proto {tcp,udp,icmp} from any to any



"....if all else fails, get a bigger hammer."

D B 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
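
pf's built-in SYN-flood handling, shown as an added example that is not part of the original post: `synproxy state` makes pf complete the TCP handshake itself before any state or backend connection is created, and the per-source limits move hosts that open too many full connections into a blocked table. It uses the same pre-4.7 `rdr`/`scrub` syntax as the post; the server address, the table name and the thresholds are constructed assumptions.

```pf
# Added example, not from the original post. xl0 follows the post's naming;
# the server address, table name and limits below are constructed.
ext_if     = "xl0"
update_srv = "10.0.0.10"     # constructed: internal host serving updates on 8080

table <flooders> persist

set block-policy drop
scrub in on $ext_if all fragment reassemble

# Port 80 on the external address goes to the internal update server.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $update_srv port 8080

# Default deny inbound; sources already caught by the overload rule are
# dropped before any other rule is evaluated.
block in on $ext_if all
block in quick on $ext_if from <flooders>

# pf answers the SYN itself. State, and the connection to $update_srv, exist
# only after the client completes the three-way handshake, so spoofed SYNs
# never reach the server or fill the state table.
# max-src-conn / max-src-conn-rate count completed handshakes per source;
# a source exceeding them is added to <flooders> and its states are flushed.
pass in on $ext_if proto tcp from any to $update_srv port 8080 \
    flags S/SA synproxy state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <flooders> flush global)
```

`synproxy state` does not work when pf is filtering on a bridge(4) interface, and `pfctl -t flooders -T show` lists the sources currently blocked.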