On Feb 1, 2008, at 1:30 AM, Peter N. M. Hansteen wrote:
Darrin Chandler [EMAIL PROTECTED] writes:
Depending on the traffic patterns of legit vs. attack the following idea
might work... use max-src-* with values that may create false positives
and overload into table candidates which will
On Thu, Jan 31, 2008 at 10:50:43AM -0600, Cache Hit wrote:
One thing I continually run into on the machines are port 80 attacks
or floods. I'd like to do something similar with PF as I'm already
doing for other protocols to overload these into a table and block
them, but I'm finding it very
Hello,
I've been successfully using the max-src-conn and max-src-conn-rate
with an overload into a table that I block for our external firewall
that protects a few dozen (mostly Sun) web servers. As it stands it
works great for blocking ssh, ftp, smtp and several other protocols
when there are
sweet idea.
:-)
-Original Message-
From: Darrin Chandler [EMAIL PROTECTED]
To: Cache Hit [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: PF - using overload for port 80 attacks/floods
Date: Thu, 31 Jan 2008 11:11:25 -0700
Mailer: Mutt/1.5.16 (2007-06-09)
Depending on the traffic
Since you already stated you have valid clients which could open many
connections at once it seems pf might not be the right solution.
Have you thought about using a reverse proxy server in front of your web
servers?
A program like Pound would allow you to specify valid URL regular expressions
Darrin Chandler [EMAIL PROTECTED] writes:
Depending on the traffic patterns of legit vs. attack the following idea
might work... use max-src-* with values that may create false positives
and overload into table candidates which will still PASS. Now use
different values for max-src-* on