Date:      Fri, 15 Jun 2001 13:53:25 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        "Karsten W. Rohrbach" <karsten@rohrbach.de>
Cc:        Gerhard Sittig <Gerhard.Sittig@gmx.net>, "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org>
Subject:   Re: apache security question
Message-ID:  <20010615134459.R25403-100000@achilles.silby.com>
In-Reply-To: <20010615125253.B75938@mail.webmonster.de>


On Fri, 15 Jun 2001, Karsten W. Rohrbach wrote:

> ratelimiting turned out to be too relaxed for several servers i got in
> the field. was this changed from 4.2 to 4.3?

It changed a bit, contact me via private e-mail with info on what it
wasn't able to handle and we'll see if we can enhance it.

> i did not want to say that blackhole(4) is a replacement for ipf(4).
> since the b0rkedness of the rule parser, ipfw(4) is not an option
> anymore for me. try matching multiple destination ports in one rule :-/
>
> >
> > So... don't worry about it.  (Or filter upstream if you are being attacked
> > and are forced to worry about it.)
>
> that's exactly what i wrote in the original mail, would it not have been
> removed.

Oops, guess I got too cut happy.  Sorry.

> > * Some attack tools have recognizable signatures, you could block those
> > with ipfw.
>
> oh, yes, and snort or similar things on a gateway in front of it to see
> new ones ;-)

I should really check out that program one of these days.  I must be one
of the few to not yet use it. :)

Mike "Silby" Silbersack

