From owner-freebsd-pf@FreeBSD.ORG Wed Jun 14 10:12:56 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AECBC16A47E for ; Wed, 14 Jun 2006 10:12:56 +0000 (UTC) (envelope-from vladgalu@gmail.com) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 31A8043D5F for ; Wed, 14 Jun 2006 10:12:52 +0000 (GMT) (envelope-from vladgalu@gmail.com) Received: by wr-out-0506.google.com with SMTP id i23so80830wra for ; Wed, 14 Jun 2006 03:12:51 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=RHp4kdqHad50ZWzsDS+AouaUflGTWsQsWsm6VBGRW33aJqv6UC5z0X1AjFNBxgViZ5y4bjuz3k71EE6kSO83KVe9sfeqpvBZtRIiadxov0l7HSnNAEahk502jJ61TPiS33sRZt5mbbxYPJ7VeiQRzc0awMucdaytc6rEXn4a+gA= Received: by 10.54.101.16 with SMTP id y16mr474222wrb; Wed, 14 Jun 2006 03:12:51 -0700 (PDT) Received: by 10.54.129.18 with HTTP; Wed, 14 Jun 2006 03:12:30 -0700 (PDT) Message-ID: <79722fad0606140312i569cf55dsc84b9cb17ce692bc@mail.gmail.com> Date: Wed, 14 Jun 2006 13:12:30 +0300 From: "Vlad GALU" To: freebsd-pf@freebsd.org In-Reply-To: <44B619B7.9050100@int-evry.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <44B619B7.9050100@int-evry.fr> Subject: Re: PF+ALTQ as Anti-DoS? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jun 2006 10:12:56 -0000 On 7/13/06, Florent Thiery wrote: > Hi, > > I'm having trouble finding information related to the use of altq as DoS > mitigation technique... Do you have any interesting pointers ? If you have enough memory, synproxy + max-src-states + max-src-conn is a great triplet. > > Thanks in advance > > Regards > > FLorent Thiery > > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it.