On Fri, 21 Sep 2001, Brian Curtis wrote:

> Hello spenneb,
>
> Friday, September 21, 2001, 9:00:30 AM, you wrote:
>
> >> What kind of problems can I expect by adding 2400 DENY entries to the
> >> input chain (using ipchains-1.3.9-3)?
>
> ssd> Performance problems evaluating all those entries. Why do you need 2400 entries?
> ssd> Could you give some examples?
>
> Repeating offenders of the Nimda virus (my list has been compiled from
> a 5 day data sample).  I'm trying to figure out some way to lessen the
> bandwidth load that all these scans are creating.
>
> I already have a shell script ready to go containing ~2400 lines of:
>
> /sbin/ipchains -I input -s 208.3.252.37 -j DENY
> /sbin/ipchains -I input -s 208.165.50.100 -j DENY
> /sbin/ipchains -I input -s 208.242.215.200 -j DENY
> ...
>
> But, like you said, the performance hit would probably be just as bad
> as the scans themselves.

I really don't think ipchains, or any other packet filtering firewall, is
going to make much difference in terms of bandwidth.  The packets are still
transmitted regardless; they are just dropped by the kernel.  However, it
will help keep your web server from getting pounded and generating huge logs,
and may help a little in terms of bandwidth, in that the web server won't
be sending back a 404 error code every time.
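The rule count in the thread above is the problem: ipchains walks the input chain linearly, so every inbound packet pays for all ~2400 comparisons before it is accepted. One way to shrink that list without giving up the block is to collapse addresses that cluster in the same /24 into a single network rule. The script below is an added example, not code from either poster; it assumes the offender list is plain text with one IPv4 address per line (the constructed sample reuses the three addresses from the post plus made-up addresses from documentation ranges), and it emits rules with `-A` so the chain is evaluated in the order generated. The `/24` width and the threshold of three offenders per network are assumptions to tune against your own data.

```python
"""Aggregate a list of repeat-offender source addresses into fewer
ipchains DENY rules by collapsing /24 networks that hold several offenders.
Added example; assumes a text list of IPv4 addresses, one per line."""
import ipaddress
from collections import defaultdict

# Constructed sample (not real log data): the three addresses quoted in
# the post plus made-up addresses in RFC 5737 documentation ranges.
SAMPLE_OFFENDERS = """\
208.3.252.37
208.165.50.100
208.242.215.200
192.0.2.10
192.0.2.11
192.0.2.57
192.0.2.200
198.51.100.8
198.51.100.9
"""


def parse_offenders(text):
    """Return the set of valid IPv4 addresses found in text, one per line.
    Blank lines, comments and unparsable lines are skipped rather than
    being turned into a malformed ipchains rule."""
    addrs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            addrs.add(ipaddress.IPv4Address(line))
        except ValueError:
            continue  # junk from the log extraction; ignore it
    return addrs


def aggregate(addrs, prefixlen=24, threshold=3):
    """Group addresses by /prefixlen. A group holding at least `threshold`
    offenders becomes one network rule; smaller groups keep one /32 rule
    per host. Returns a sorted list of IPv4Network objects."""
    groups = defaultdict(set)
    for a in addrs:
        net = ipaddress.ip_network(f"{a}/{prefixlen}", strict=False)
        groups[net].add(a)
    rules = []
    for net, members in groups.items():
        if len(members) >= threshold:
            rules.append(net)  # one rule covers the whole block
        else:
            rules.extend(ipaddress.ip_network(f"{m}/32") for m in members)
    return sorted(rules, key=lambda n: (int(n.network_address), n.prefixlen))


def render_rules(rules, chain="input"):
    """Emit one ipchains DENY line per rule. -A appends, so the chain is
    evaluated top to bottom in exactly the order generated here."""
    return [f"/sbin/ipchains -A {chain} -s {r.with_prefixlen} -j DENY"
            for r in rules]


if __name__ == "__main__":
    offenders = parse_offenders(SAMPLE_OFFENDERS)
    rules = aggregate(offenders)
    print(f"# {len(offenders)} offender addresses -> {len(rules)} rules")
    for line in render_rules(rules):
        print(line)
```

On the sample, nine addresses become six rules: the four 192.0.2.x offenders collapse into `192.0.2.0/24`, the rest stay as host rules. The trade-off is precision: a /24 rule also denies any uninfected neighbour in that block, so keep the threshold high enough that you are only summarising networks that are genuinely saturated with scanners, and remember the reply's point that none of this reduces the inbound traffic itself; it only spares the web server and its logs.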

_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list