Blocking DOS using arp
Jez Hancock
jez.hancock at munk.nu
Thu Dec 4 14:04:31 PST 2003
Hi,
Currently seeing an abnormal amount of http traffic consisting of only
tcp syn packets according to snort.
My main question is how can I block inbound traffic from a given host
using arp?
Related question:
I've added block rules for the offending hosts in my ipf rule list, but
snort still sees traffic from these hosts after restarting ipf to
include the new block rules - why is this?
TIA
--
Jez Hancock
- System Administrator / PHP Developer
http://munk.nu/
More information about the freebsd-questions
mailing list