[pfSense Support] Simultaneous client connection limit / Maximum state entries per host
Hi, I have had a few issues lately compliments of a few machines on our lan been infected with a worm which has caused the state table to be filled. I've increased this to give some more time to react to the problem. I would like to implement the Simultaneous client connection limit / Maximum state entries per host settings to better resolve this problem. My query though is, how can I test that this is working correctly? Is there a tool that I can use to make connections from a single machine? Ideally something that provides the option to test only up to a certain amount of connections incase my settings done work at first. Any advice on how to achieve this test would be appreciated, I have various OS's available to run the test from. Thank you in advance for any suggestions. Dominic. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Simultaneous client connection limit / Maximum state entries per host
On Mon, Aug 16, 2010 at 8:21 AM, Dominic dominic@gmail.com wrote: My query though is, how can I test that this is working correctly? Is there a tool that I can use to make connections from a single machine? Ideally something that provides the Would this do it? http://www.smallnetbuilder.com/lanwan/lanwan-howto/31103-how-we-test-hardware-routers-revision-3 I've never used it, but it seems to do what you want to do. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Simultaneous client connection limit / Maximum state entries per host
On Mon, Aug 16, 2010 at 8:28 AM, David Burgess apt@gmail.com wrote: On Mon, Aug 16, 2010 at 8:21 AM, Dominic dominic@gmail.com wrote: My query though is, how can I test that this is working correctly? Is there a tool that I can use to make connections from a single machine? Ideally something that provides the Would this do it? http://www.smallnetbuilder.com/lanwan/lanwan-howto/31103-how-we-test-hardware-routers-revision-3 Oops, I guess this would be the link to the actual software: http://www.ixchariot.com/downloads.html db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Simultaneous client connection limit / Maximum state entries per host
Well, I know the Ixia solution works but Chariot is a bit expensive (or it was when I looked.) I've used http://www.nominum.com/services/measurement_tools.php for testing DNS. I seem to remember seeing max concurrent requests before the server falls over from the load. I know I've seen something like it for http too, but it was long enough ago that I don't remember what it was called. I know that someone here tried Nessus (http://www.nessus.org) from behind my dev firewall and that did a great job of flooding the state table. You could also try Nmap (http://nmap.org/), but I don't know if it's really agressive enough to fill a state table. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Simultaneous client connection limit / Maximum state entries per host
On Mon, Aug 16, 2010 at 12:46 PM, Steve Haavik shaa...@soc.lib.md.us wrote: You could also try Nmap (http://nmap.org/), but I don't know if it's really agressive enough to fill a state table. nmap is among the best quick and easy ways to open a whole bunch of states. It's what I use most of the time when I'm just looking for a lot of states. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
