It would be incredibly handy to build a report that summarizes the number of states open, grouped by IP. That way, one could easily identify a DoS origin.
For example, I just had an attacker attempt to open 40,000 simultaneous HTTP sessions on one of my servers. I'd love to be able to see something like this:

Proto  Source     SRC Ports  DST Ports
TCP    10.0.x.x   40,000     1
TCP    74.1.x.x   16         1
TCP    63.5.x.x   10         1
TCP    152.4.x.x  4          1

Best Regards,
Nathan Eisenberg
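One way to produce the per-source report requested above, as an added example that is not part of the original message or of pfSense itself. It assumes the state table is dumped with `pfctl -ss` and that each line has the shape shown in the comment; the sample lines are constructed and the function names are hypothetical. It also reports a total state count per source, which the requested table did not include.

```python
from collections import defaultdict

# Constructed sample in the assumed `pfctl -ss` line shape:
#   IFACE PROTO ADDR [(NAT-ADDR)] <-|-> ADDR STATE
# "<-" means inbound (right side is the source), "->" means outbound.
SAMPLE = """\
all tcp 203.0.113.10:80 <- 198.51.100.7:40001       ESTABLISHED:ESTABLISHED
all tcp 203.0.113.10:80 <- 198.51.100.7:40002       ESTABLISHED:ESTABLISHED
all tcp 203.0.113.10:80 <- 198.51.100.7:40003       SYN_SENT:ESTABLISHED
all tcp 203.0.113.10:80 <- 198.51.100.9:51000       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.5:80 (203.0.113.10:80) <- 198.51.100.9:51001       ESTABLISHED:ESTABLISHED
all udp 203.0.113.10:5353 -> 192.0.2.53:53       MULTIPLE:SINGLE
"""

def split_endpoint(endpoint):
    """Split 'a.b.c.d:port' (IPv4) or 'addr[port]' (IPv6) into (host, port)."""
    if endpoint.endswith("]"):
        host, _, port = endpoint[:-1].partition("[")
    else:
        host, _, port = endpoint.rpartition(":")
        if not host:                      # endpoint carried no port
            host, port = port, ""
    return host, port

def parse_state_line(line):
    """Return (proto, src_ip, src_port, dst_ip, dst_port), or None if unparsable."""
    tokens = [t for t in line.split() if not t.startswith("(")]  # drop NAT info
    if len(tokens) < 5 or tokens[3] not in ("<-", "->"):
        return None
    left, arrow, right = tokens[2], tokens[3], tokens[4]
    src, dst = (left, right) if arrow == "->" else (right, left)
    return (tokens[1].upper(),) + split_endpoint(src) + split_endpoint(dst)

def summarize(lines):
    """Rows of (proto, source, states, distinct src ports, distinct dst ports)."""
    states, sports, dports = defaultdict(int), defaultdict(set), defaultdict(set)
    for line in lines:
        parsed = parse_state_line(line)
        if parsed is None:
            continue
        proto, src, sport, _dst, dport = parsed
        states[(proto, src)] += 1
        sports[(proto, src)].add(sport)
        dports[(proto, src)].add(dport)
    rows = [(p, s, n, len(sports[(p, s)]), len(dports[(p, s)]))
            for (p, s), n in states.items()]
    return sorted(rows, key=lambda r: (-r[2], r[1]))  # busiest source first

if __name__ == "__main__":
    print("%-5s %-16s %7s %9s %9s" % ("Proto", "Source", "States", "SRC Ports", "DST Ports"))
    for row in summarize(SAMPLE.splitlines()):
        print("%-5s %-16s %7d %9d %9d" % row)
```

On a live firewall the same functions can be fed from standard input, for example by piping `pfctl -ss` into a script that calls `summarize(sys.stdin)`.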