Date: Sun, 23 Sep 2001 21:01:16 -0400
From: Mike Tancsa <mike@sentex.net>
To: Chris BeHanna <behanna@zbzoom.net>
Cc: security@FreeBSD.ORG
Subject: Re: New worm protection
Message-ID: <5.1.0.14.0.20010923205904.03bb7bb8@192.168.0.12>
In-Reply-To: <20010923205118.Y52704-100000@topperwein.dyndns.org>
References: <200109230836.f8N8akx29012@faith.cs.utah.edu>

At 08:57 PM 9/23/2001 -0400, Chris BeHanna wrote:
> The trouble with triggering ipfw/ipchain rules is that as the
>ruleset gets large, network performance gets slow (rulesets are
>searched linearly). A nice compromise would be to gather statistics
>on the attackers and just firewall out the top 10 or 20 or so.
Another option is to null route the IP address-- e.g. add a /32 route to
ds0. One problem with this and blocking in general is that in some cases,
the infected machines are from dynamic IP addresses. You would be
punishing innocent users.
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
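
The two ideas in this message, blocking only the top few sources and null routing them, with recent-hits-only counting to soften the dynamic-address problem, as an added example that is not part of the original e-mail. Assumptions: Apache common log format, the probe patterns, the 24-hour window and hit threshold, all function names, and `route add -host ... 127.0.0.1 -blackhole` as the null-route form (the message itself suggests a /32 route to ds0).

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed probe signatures (not named in the thread); adjust to the local logs.
PROBE = re.compile(r'"(?:GET|HEAD) \S*(?:cmd\.exe|root\.exe|default\.ida)', re.I)
# Common Log Format prefix: client address, two fields, [timestamp zone]
LINE = re.compile(r'^(\S+) \S+ \S+ \[(\S+) [^\]]*\] ')

def top_offenders(lines, now, top_n=10, min_hits=3, window=timedelta(hours=24)):
    """Return [(ip, hits)] for the top_n sources seen probing inside window."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or not PROBE.search(line):
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group(1)))  # reject junk in field 1
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
        except ValueError:
            continue
        # Count recent hits only, so a reassigned dynamic address ages out.
        # Timestamps are compared as local time; the zone offset is ignored.
        if timedelta(0) <= now - ts <= window:
            hits[ip] += 1
    ranked = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(ip, n) for ip, n in ranked if n >= min_hits][:top_n]

def blackhole_commands(offenders):
    """Format one FreeBSD blackhole host route per offender."""
    return [f"route add -host {ip} 127.0.0.1 -blackhole" for ip, _ in offenders]

def _row(ip, stamp, path):
    return f'{ip} - - [{stamp} -0400] "GET {path} HTTP/1.0" 404 276'

# Constructed sample log (documentation address ranges), not real traffic.
_P = "/scripts/root.exe?/c+dir"
SAMPLE = (
    [_row("192.0.2.10", f"23/Sep/2001:20:1{i}:00", _P) for i in range(4)]
    + [_row("198.51.100.7", f"23/Sep/2001:19:0{i}:00", _P) for i in range(3)]
    + [_row("203.0.113.5", f"20/Sep/2001:10:0{i}:00", _P) for i in range(5)]  # stale
    + [_row("192.0.2.99", "23/Sep/2001:20:30:00", _P)]            # below min_hits
    + [_row("198.51.100.20", "23/Sep/2001:20:31:00", "/index.html")] * 6  # benign
)
NOW = datetime(2001, 9, 23, 21, 0, 0)

if __name__ == "__main__":
    for cmd in blackhole_commands(top_offenders(SAMPLE, NOW)):
        print(cmd)
```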
