Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What to do about Quasi-Denial of Service


On 27 Oct 2005, at 13:01, Chilton Webb wrote:

Hi Santino,

On Thursday, October 27, 2005, at 04:15AM, Santino <email@hidden> wrote:

At 19:58 -0500 26-10-2005, Chilton Webb wrote:

Hi,

I'm calling it a 'quasi' DoS because I'm not sure exactly what to
call this. It seems someone has a piece of software that is
performing thousands of connections per hour to my BSD sockets-based
server. They're just connecting though, and not transmitting
anything once they connect. No harm has come to the server, it's
just making it difficult to use it for its intended purpose.

What is the correct course of action in a case like this?



Use a firewall and reject connection from that ip.
Santino


That's what I was hoping to do, but can it be done directly from my app? As I understand it, ip6fw is the firewall for OSX. Assuming 192.0.0.3 is the remote IP address and 9878 is the port I'm using, is this the correct syntax for this?

ip6fw add deny tcp from 192.0.0.3 9878

ip6fw is the ipv6 firewall. You want ipfw instead.
Also this will block data originating from port 9878, but you want to block stuff arriving at 9878, so you probably want something more like

                ipfw add deny tcp from 192.0.0.3 to any 9878

Fred
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Carbon-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/carbon-dev/email@hidden

This email sent to email@hidden
References: 
 >Re: What to do about Quasi-Denial of Service (From: Chilton Webb <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.