Date: Sun, 23 Sep 2001 21:01:16 -0400
From: Mike Tancsa <mike@sentex.net>
To: Chris BeHanna <behanna@zbzoom.net>
Cc: security@FreeBSD.ORG
Subject: Re: New worm protection
Message-ID: <5.1.0.14.0.20010923205904.03bb7bb8@192.168.0.12>
In-Reply-To: <20010923205118.Y52704-100000@topperwein.dyndns.org>
References: <200109230836.f8N8akx29012@faith.cs.utah.edu>

At 08:57 PM 9/23/2001 -0400, Chris BeHanna wrote:
>     The trouble with triggering ipfw/ipchain rules is that as the
>ruleset gets large, network performance gets slow (rulesets are
>searched linearly).  A nice compromise would be to gather statistics
>on the attackers and just firewall out the top 10 or 20 or so.

Another option is to null route the IP address-- e.g. add a /32 route to
ds0. One problem with this and blocking in general is that in some cases,
the infected machines are from dynamic IP addresses. You would be
punishing innocent users.

         ---Mike
--------------------------------------------------------------------
Mike Tancsa,                          tel +1 519 651 3400
Sentex Communications,                mike@sentex.net
Providing Internet since 1994         www.sentex.net
Cambridge, Ontario Canada             www.sentex.net/mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
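
Added example, not part of the original thread: one way to combine the quoted "top 10 or 20" idea with the dynamic-address concern is to count probes only inside a recent time window, so the short block list is regenerated periodically and stale addresses drop out. The log format, the `/worm-probe` marker, the rule numbers and all function names are assumptions made for this sketch; the sample lines are constructed.

```python
from collections import Counter

# Constructed sample lines: "<epoch seconds> <source IP> <request path>".
# The format and the PROBE_MARKER path are assumptions for this example.
SAMPLE_LOG = """\
1000 192.0.2.10 /worm-probe
1010 192.0.2.10 /worm-probe
1020 192.0.2.10 /worm-probe
1030 198.51.100.7 /worm-probe
1040 198.51.100.7 /worm-probe
1050 203.0.113.5 /index.html
1060 203.0.113.9 /worm-probe
50 203.0.113.77 /worm-probe
60 203.0.113.77 /worm-probe
70 203.0.113.77 /worm-probe
80 203.0.113.77 /worm-probe
"""
PROBE_MARKER = "/worm-probe"


def parse(log_text):
    """Yield (timestamp, ip) for each well-formed line that is a probe."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines rather than guessing
        ts, ip, path = int(parts[0]), parts[1], parts[2]
        if path == PROBE_MARKER:
            yield ts, ip


def top_offenders(log_text, now, window, top_n, min_hits=2):
    """Top-N sources by probe count within the last `window` seconds."""
    hits = Counter(ip for ts, ip in parse(log_text) if now - window <= ts <= now)
    ranked = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(ip, n) for ip, n in ranked if n >= min_hits][:top_n]


def ipfw_rules(offenders, first_rule=1000):
    """Render one deny rule per offender; the ruleset size is capped at top_n."""
    return [f"ipfw add {first_rule + i} deny ip from {ip} to any"
            for i, (ip, _) in enumerate(offenders)]


if __name__ == "__main__":
    for rule in ipfw_rules(top_offenders(SAMPLE_LOG, now=1100, window=600, top_n=2)):
        print(rule)
```

With the sample data, 203.0.113.77 has the most probes overall but none inside the 600-second window, so it is not blocked; widening the window brings it back to the top of the list.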