On 05/16/2013 09:50 AM, Michael McCallister wrote: > BTW: I realize all bets are off with a DDoS attack - but this one was > only 50mbit and an application layer attack - I just want to beef things > up to better handle smaller attacks (like this one) - I am fully aware > that if they saturate the link, there is nothing you can do.
If you can characterize the attack, I have found that adding NOTRACK rules in /etc/shorewall/conntrack that match the attack profile is effective in reducing CPU utilization and conntrack table overflow. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
