On Wed, 6 Jul 2005, Adam Thornton wrote: > On Jul 6, 2005, at 4:10 PM, shogunx wrote: > > > Adaptive iptables would do the trick nicely. > > Yeah, what he said. Not necessarily even adaptive: merely limiting > SYN floods with an iptables-based Linux router would probably help a > lot.
True. A static iptables rule denying the offending packets would do the trick. I just had a moment of inspiration on writing a set of scripts that will rewrite the rulechains on the fly in such events. Scott > > Adam > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > sleekfreak pirate broadcast http://sleekfreak.ath.cx:81/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
