prompt solution with max-src-conn-rate
Travis H.
solinym at gmail.com
Tue May 16 05:04:53 UTC 2006
I also have plans to write a sniffer to detect this kind of misuse
without log-parsing, and the idea is to implement it at your gateway
choke-point so it can detect it against any inbound connection,
regardless of the ultimate source. Sorry to mention vaporware, but
I'm pretty close to finishing it -- I have a sniffer that detects
BitTorrent traffic behind NAT and sets up rdr rules to support it.
It's also a logical step to do port knocking (a/k/a single packet
authentication) by sniffing the pflog interface and capturing the full
content of blocked packets. I intend to do that as well.
--
"Curiosity killed the cat, but for a while I was a suspect" -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
More information about the freebsd-pf mailing list