Date: Tue, 14 Sep 2004 11:56:54 -0700 From: Julian Elischer <julian@elischer.org> To: "Eric W. Bates" <ericx_lists@vineyard.net> Cc: freebsd-net@freebsd.org Subject: Re: To many dynamic rules created by infected machine Message-ID: <41473EF6.8030201@elischer.org> In-Reply-To: <41473DD3.7030007@vineyard.net> References: <41473DD3.7030007@vineyard.net>
next in thread | previous in thread | raw e-mail | index | archive | help
how about preceeding the keep-state rule with some specific rules against that machine.. (or turning it off)? what KIND of sweep? Eric W. Bates wrote: > Friends run an IT business and I helped build them a firewall using ipfw. > > The box has multiple interfaces; one of which is untrusted and it is > where they put suspect machines (customer boxes with high likelihood > of viruses and other evil Windoze ailments). > > Their network is well protected; however there is now an inadvertent > DOS when a particularly virulent machine performs a sweep attack on > some block of IP, because we have a check-state/keep-state. > > Sep 11 16:00:01 <kern.crit> hostname /kernel: ipfw: install_state: Too > many dynamic rules > > Is there a way to limit the number of rules a given host can create in > x number of minutes? > > > Thanks for your time. > -- > Eric W. Bates > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41473EF6.8030201>