From owner-freebsd-pf@FreeBSD.ORG Wed Jun 23 19:18:51 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 504D3106564A for ; Wed, 23 Jun 2010 19:18:51 +0000 (UTC) (envelope-from britneyfreek@googlemail.com) Received: from mail-ww0-f54.google.com (mail-ww0-f54.google.com [74.125.82.54]) by mx1.freebsd.org (Postfix) with ESMTP id DB3D58FC13 for ; Wed, 23 Jun 2010 19:18:50 +0000 (UTC) Received: by wwb24 with SMTP id 24so1011949wwb.13 for ; Wed, 23 Jun 2010 12:18:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:references:from:in-reply-to :mime-version:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=Yt75EYvqOy5heh2Z6j5rmGTXMq4Y4KI5IraZVtEvUTY=; b=rpXM5UPGN5AQ/LAg3+7KbWfVgztz2sCkOl3cTU8DBvSUQms8EH1T2BnjBfeaQ5in8v WXcZzGOrKhB7XMlPow+YI951ryfk7YZkppNt0XrcFekmUa7zfL2lQUPDRURjUEAEuFIi MNCD8GLB/LaQPZ3ej//FjLwU9i85RrpxezkGw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=references:from:in-reply-to:mime-version:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=mrFWixfavML1dKwI4/UUy55OX4E+7vF8Pvponoxyj8qvyO8MqLnZOKyz4Vzia11Q0k smTqfcJUHURP3Wt6sCgbINCckdZS1ZwnHOjo/UJK0yOYpOhbgOO+XfCITUGDeX7gnbXq HuPw95KA5gNAbwgfINNouhgPfyHdN3lwyqSd8= Received: by 10.227.141.137 with SMTP id m9mr8179941wbu.202.1277320729828; Wed, 23 Jun 2010 12:18:49 -0700 (PDT) References: From: no name In-Reply-To: Mime-Version: 1.0 (iPhone Mail 7D11) Date: Wed, 23 Jun 2010 21:18:35 +0200 Message-ID: <7114830758496124649@unknownmsgid> To: claudiu vasadi Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: "freebsd-pf@freebsd.org" Subject: Re: can pf block a string ? or better, to limit it ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jun 2010 19:18:51 -0000 i can't recall it, was dc tcp or udp based? however, you could try to limit the number of possible connections in a specific time frame. using linux, you could even use the l7 ipfilter extension to inspect a packet's payload and do some limiting based on that. ... just some thoughts. --- =E2=80=9CYour time is limited, so don't waste it living someone else's life= . Don't be trapped by dogma - which is living with the results of other people's thinking. Don't let the noise of other's opinions drown out your own inner voice. And most important, have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary.=E2=80=9D - Steve Jobs Am 23.06.2010 um 20:30 schrieb claudiu vasadi : > Hello fellas, > > > system: freebsd 8.0 with pf > > > A couple of years ago I wanted to limit a string with pf and I could > not > find a way to do it. > > Back in the day, I was running a dc++ software on FreeBSD and the most > common way of flood was this "string attack". The idea was simple: > more than > "x" number of packages containing this "string" =3D dc++ software > stuck. I > remember a friend of mine was able to limit the number per second to > something but I was unable to do the same in pf. Back then I was using > FreeBSD6.2 but I can't find a way to do it even now. > > > Can someone shed some light ? Were you trying something similar ? > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"