WAN
This is on a home network. On WAN interface, I want to share what
categories I am blocking in hopes of someone pointing out an obvious,
glaring omission and in hopes of others sharing their 'tweaks.' There is
no real logic to these selections except they sound nice to block on the
WAN interface.
WAN CATEGORIES
* botcc.rules
* botnet-cnc.rules
* content-replace.rules
* dos.rules
* drop.rules
* emerging.activex.rules
* emerging-compromised.rules
* emerging-dos.rules
* emerging-exploit.rules
* emerging-imap.rules
* emerging-inappropriate.rules
* emerging-malware.rules
* emerging-netbios.rules
* emerging-rbn.rules
* emerging-scan.rules
* emerging-trojan.rules
* emerging-virus.rules
* emerging-web_client.rules
* emerging-worm.rules
* phishing-spam.rules
* spyware-put.rules
* virus.rules
* web-attacks.rules
LAN CATEGORIES
I have the LAN interface also setup but no blocks - just alerts.
* bad-traffic.rules
* botcc.rules
* botnet-cnc.rules
* emerging-exploit.rules
* emerging-netbios.rules
* emerging-trojan.rules
* emerging-user_agents.rules
* emerging-virus.rules
* spyware-put.rules
* virus.rules
RAM
I had to juggle categories to keep memory usage to a reasonable level. I
had to back off from the best memory performance to 'AC-STD' for the
same reason. The system is a D510 Atom Supermicro server with 4 GB RAM.
System status shows 38% memory usage.
COUNTRY BLOCK
I am also blocking all countries except USA, Canada and Germany.
POST ALERTS AND BLOCKS
I can post those if anyone wants...
Mehma
