On Sat, 1 Oct 2005, Bob Beck wrote: > > If I had a dollar for every time some mouth breathing twit did > that here well, I could at least buy some very good bottles of wine. > > Upgrade the firewall to use the state limits and the overload > table, then filter the overload table and rdr web connections from it > to a web page that says basically "you have a virus you fucktard. fix it > and it'll work again." put a cron job that flushes the overload table > every few hours - or if you're really clever make a button on the web > page they can poke to remove their machine from the table - if they do it > before they clean the machine they just go right back in. > > -Bob
Hi Bob We're in the process of upgrading to 3.8, have the hardware, now have the time. There aren't any users on the system, it's a Windows domain controller. Why it was there I don't know, in fact they didn't seem that concerned about pulling it off the network. I thought about adding a cron job to flush the state table and or increasing the state table max value, but it was such an egregious (for Ed that means "conspicuously and outrageously bad or reprehensible") problem. Filling up the stock state table setting in 2 seconds meant I needed to troubleshoot and fix the problem now. Seeing all the fragments in the state table really concerned me also, in fact that's all that was filling up the state table. I've seen the same problem at my day job on our network and it's never been a good thing. Hope things are going well for you, diana
