Date:      Thu, 16 Jan 2003 14:26:52 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Josh Brooks <user@mail.econolodgetulsa.com>
Cc:        Nate Williams <nate@yogotech.com>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: FreeBSD firewall for high profile hosts - waste of time ?
Message-ID:  <200301162226.h0GMQqMQ024451@apollo.backplane.com>
References:   <20030116141047.A38599-100000@mail.econolodgetulsa.com>


:My problem is that every time I add a new rule to the top, a new kind of
:attack is used, and gets through just fine - so I have 12K packets/s
:coming through all 300 rules of mine no matter what I put in :)
:
:thanks again for your help and comments.

    If attacks are a predominant problem for you, I recommend sticking a
    machine in between your internet connection and everything else whose
    ONLY purpose is to deal with attacks.  With an entire cpu dedicated
    to dealing with attacks you aren't likely to run out of CPU suds (at least
    not before your attackers fill your internet pipe).  This allows you
    to use more reasonable rulesets on your other machines.

    Also, having a machine in the middle gives you a platform which you
    can dedicate not only to attack suppression, but also attack analysis.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message