On 5/17/13 1:48 PM, "Michael McCallister" <[email protected]> wrote:
>Tom Eastep wrote, On 5/17/2013 8:14 AM: >> On 05/16/2013 09:50 AM, Michael McCallister wrote: >> >>> BTW: I realize all bets are off with a DDoS attack - but this one was >>> only 50mbit and an application layer attack - I just want to beef >>>things >>> up to better handle smaller attacks (like this one) - I am fully aware >>> that if they saturate the link, there is nothing you can do. >> If you can characterize the attack, I have found that adding NOTRACK >> rules in /etc/shorewall/conntrack that match the attack profile is >> effective in reducing CPU utilization and conntrack table overflow. >> >> -Tom > >Thanks! I will check that out - that could possibly help for the one >place I was unable to lose shorewall due to the sheer complexity of the >rules. One correction -- use DROP rules rather than NOTRACK. -Tom You do not need a parachute to skydive. You only need a parachute to skydive twice. ------------------------------------------------------------------------------ AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
