Date: Thu, 4 Dec 2003 22:04:25 +0000
From: Jez Hancock <jez.hancock@munk.nu>
To: FreeBSD Questions List <freebsd-questions@freebsd.org>
Subject: Blocking DOS using arp
Message-ID: <20031204220425.GB18124@users.munk.nu>

Hi,

Currently seeing an abnormal amount of http traffic consisting of only
tcp syn packets according to snort.

My main question is how can I block inbound traffic from a given host
using arp?

Related question: I've added block rules for the offending hosts in my
ipf rule list, but snort still sees traffic from these hosts after
restarting ipf to include the new block rules - why is this?

TIA

--
Jez Hancock
- System Administrator / PHP Developer
http://munk.nu/