Re: preventing dos attacks with pf
On Thu, Sep 02, 2004 at 04:16:40PM +0200, Wolfgang Pichler wrote: an hour ago i was hit by a sort of dos attack (someone sent nearly 20 mails to our mail addresses in the form of [EMAIL PROTECTED]). I've now googled around to see if its possible to limit the number of connections from one ip with pf - but havn't found something useful. Can someone please point me to the right direction ? Look at the pf.conf manpage, especially for source-track and max-src-states
Re: preventing dos attacks with pf
On Thu, 2004-09-02 at 10:16, Wolfgang Pichler wrote: hi all, an hour ago i was hit by a sort of dos attack (someone sent nearly 20 mails to our mail addresses in the form of [EMAIL PROTECTED]). I've now googled around to see if its possible to limit the number of connections from one ip with pf - but havn't found something useful. Can someone please point me to the right direction ? Thanks regards, Wolfgang man 5 pf.conf read the section titled STATEFUL TRACKING OPTIONS you appear to be asking for the functionality of: max-src-states Limits the maximum number of simultaneous state entries that a single source address can create with this rule. -j =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Time is an illusion, lunchtime doubly so. -- The Hitchhiker's Guide to the Galaxy =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Re: preventing dos attacks with pf
All three of keep state, modulate state and synproxy state support the following options: max-src-states Limits the maximum number of simultaneous state entries that a sin- gle source address can create with this rule. On Thursday 02 September 2004 08:16 am, you wrote: hi all, an hour ago i was hit by a sort of dos attack (someone sent nearly 20 mails to our mail addresses in the form of [EMAIL PROTECTED]). I've now googled around to see if its possible to limit the number of connections from one ip with pf - but havn't found something useful. Can someone please point me to the right direction ? Thanks regards, Wolfgang -- John R. Shannon [EMAIL PROTECTED]
preventing dos attacks with pf
hi all, an hour ago i was hit by a sort of dos attack (someone sent nearly 20 mails to our mail addresses in the form of [EMAIL PROTECTED]). I've now googled around to see if its possible to limit the number of connections from one ip with pf - but havn't found something useful. Can someone please point me to the right direction ? Thanks regards, Wolfgang