:My problem is that every time I add a new rule to the top, a new kind of
:attack is used, and gets through just fine - so I have 12K packets/s
:coming through all 300 rules of mine no matter what I put in :)
:
:thanks again for your help and comments.
If attacks are a predominant problem for you, I recommend sticking a
machine in between your internet connection and everything else whos
ONLY purpose is to deal with attacks. With an entire cpu dedicated
to dealing with attacks you aren't likely to run out of CPU suds (at least
not before your attackers fills your internet pipe). This allows you
to use more reasonable rulesets on your other machines.
Also, having a machine in the middle gives you a platform which you
can dedicate not only to attack surpression, but also attack analysis.
-Matt
Matthew Dillon
<[EMAIL PROTECTED]>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
