On Mon, Aug 20, 2012 at 12:07 PM, Kevin Wilcox <kevin.wil...@gmail.com> wrote:
> Rather than block on the number of states, take a look at dropping
> based on the number of connections over some time delta.
>
> Specifically, max-src-conn and max-src-conn-rate.

Anything based on the source address is ineffective as the number of
attack packets from any given IP is very low (frequently 1 if they are
forged).

The goal for us is to clamp down on attacks directed at a given IP
quickly and effectively enough that only that IP is affected.

Thanks.
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

Reply via email to