Tom Eastep wrote, On 5/17/2013 8:14 AM: > On 05/16/2013 09:50 AM, Michael McCallister wrote: > >> BTW: I realize all bets are off with a DDoS attack - but this one was >> only 50mbit and an application layer attack - I just want to beef things >> up to better handle smaller attacks (like this one) - I am fully aware >> that if they saturate the link, there is nothing you can do. > If you can characterize the attack, I have found that adding NOTRACK > rules in /etc/shorewall/conntrack that match the attack profile is > effective in reducing CPU utilization and conntrack table overflow. > > -Tom
Thanks! I will check that out - that could possibly help for the one place I was unable to lose shorewall due to the sheer complexity of the rules. ------------------------------------------------------------------------------ AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
