To many dynamic rules created by infected machine
Julian Elischer
julian at elischer.org
Tue Sep 14 11:56:58 PDT 2004
how about preceeding the keep-state rule with some specific rules
against that machine..
(or turning it off)? what KIND of sweep?
Eric W. Bates wrote:
> Friends run an IT business and I helped build them a firewall using ipfw.
>
> The box has multiple interfaces; one of which is untrusted and it is
> where they put suspect machines (customer boxes with high likelihood
> of viruses and other evil Windoze ailments).
>
> Their network is well protected; however there is now an inadvertent
> DOS when a particularly virulent machine performs a sweep attack on
> some block of IP, because we have a check-state/keep-state.
>
> Sep 11 16:00:01 <kern.crit> hostname /kernel: ipfw: install_state: Too
> many dynamic rules
>
> Is there a way to limit the number of rules a given host can create in
> x number of minutes?
>
>
> Thanks for your time.
> --
> Eric W. Bates
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
More information about the freebsd-net
mailing list