blocking a string in a packet using ipfw
Willem Jan Withagen
wjw at withagen.nl
Fri Sep 15 04:52:05 PDT 2006
Julian Elischer wrote:
>> Forgot to mention: 4.7-PRERELEASE :(
> ugh... no tables
> and 45000 lines will be bad.
> load an old PC with 6.2
> and seet it up as a bridge with 2 interfaces.
> and use ipfw table to filter on the bridge
If I could have easy access to the box, that would be the sollution. But the
box is in Amsterdam in a Colo, and currently the rack is fully loaded. And
we're not allowed to leave stuff standing outside the rack.
For now the storm generated by the virus has calmed, because the DNS address
used was one that was easily changed without penalties of sites getting
unavialable. So setting that to 127.0.0.1 solved quite a lot. It still took a
few hours to actually pickup every where. Over that time I collected over
50.000 IP's which all ended up in IPFW. :) The box (PIII, 750 Mhz, 512Mb)
started using a lot of system and interrupt time, but it survived it all.
Only to find out that it got whacked this morning again but now in some
phpbb's, where they uploaded something like 45.000 viagra/spam messages. :(
But fortunately this convinced the customer that he really should upgrade both
hardware and software. Something I've been asking for as long as I've set eyes
on this server. Probably the hours now spent in repairing etc. could have
better be invested in a new server.
More information about the freebsd-net