To many dynamic rules created by infected machine
Eric W. Bates
ericx_lists at vineyard.net
Tue Sep 14 11:52:06 PDT 2004
Friends run an IT business and I helped build them a firewall using ipfw.
The box has multiple interfaces; one of which is untrusted and it is
where they put suspect machines (customer boxes with high likelihood of
viruses and other evil Windoze ailments).
Their network is well protected; however there is now an inadvertent DOS
when a particularly virulent machine performs a sweep attack on some
block of IP, because we have a check-state/keep-state.
Sep 11 16:00:01 <kern.crit> hostname /kernel: ipfw: install_state: Too
many dynamic rules
Is there a way to limit the number of rules a given host can create in x
number of minutes?
Thanks for your time.
--
Eric W. Bates
More information about the freebsd-net
mailing list