On Mon, Aug 20, 2012 at 12:23:15PM -0400, J David wrote:
> Anything based on the source address is ineffective as the number of
> attack packets from any given IP is very low (frequently 1 if they are
> forged).

Why not use synproxy state?

> The goal for us is to clamp down on attacks directed at a given IP
> quickly and effectively enough that only that IP is affected.

How does it improve the situation for another destination? The attacker will not immediately stop; the TCP SYNs will continue to flood in. You're saying your uplink's downstream isn't saturated by them? If so, what other resource are you trying to protect?

Daniel
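As an added illustration of the synproxy suggestion in the reply above (example configuration, not from either poster), this pf.conf fragment makes pf complete the TCP three-way handshake on behalf of one protected host; as the reply points out, that shields the host's own TCP stack from forged SYNs but does nothing about the bandwidth the flood consumes on the uplink. The interface name and address are assumptions.

```pf
# Constructed example: ext_if and web_srv are placeholder values.
ext_if  = "em0"
web_srv = "192.0.2.10"

# Default deny inbound on the external interface.
block in on $ext_if

# pf answers the SYN itself and only forwards the connection to the
# server once the client has completed the handshake, so SYNs from
# spoofed sources never reach the server's listen queue.
pass in on $ext_if proto tcp from any to $web_srv port { 80 443 } \
    flags S/SA synproxy state

# Other services on the same host keep ordinary stateful filtering.
pass in on $ext_if proto tcp from any to $web_srv port 22 \
    flags S/SA keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f`. synproxy state requires pf to see both directions of the connection, so it does not work across asymmetric routing.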