can pf block a string ? or better, to limit it ?

Peter Maxwell peter at allicient.co.uk
Wed Jun 23 20:39:58 UTC 2010


Hmmm, off the top of my head: I wonder if you could use Snort and have that
do full packet inspection for you.  Then you should be able to script an
alert if the string is found and call pfctl to add the offending IP address
to a table that blackholes it.  Just a thought.

Or if you want to do it "properly", I'm sure you could code something along
the lines of a kernel module.




On 23 June 2010 20:30, claudiu vasadi <claudiu.vasadi at gmail.com> wrote:

> On Wed, Jun 23, 2010 at 9:18 PM, no name <britneyfreek at googlemail.com> wrote:
>
> > I can't recall it, was dc tcp or udp based?
> >
>
>
> "dc" ????
>
>
> The number of possible connections in a specific time frame does not help
> if I have ~200-500 authentication requests/sec and I get 100-300 attacks
> (D/DOS) per sec. I thought about that one long ago, and no matter on which
> side I turn the problem, I always end up at the "impossible to filter
> strings" wall.
>
> I know iptables can do it but a couple of months ago when I was asked to
> conf. a linux box I went completely mad trying to learn iptables's syntax
> (god it's ugly). This is why I would prefer to avoid linux here. Plus, I've
> been dealing with pf way longer than iptables and linux for that matter (it was
> ~6 years ago when I worked with linux last time).
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>
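The Snort-to-pfctl idea from the reply above, as an added example that is not code from the thread or from either project: it parses Snort "alert_fast" lines, pulls out the source address of every alert for one rule, and adds those addresses to a pf table. Everything specific is an assumption: the table name `blackhole` and its `pf.conf` declaration, the Snort SID `1000001` standing in for a rule that matches the unwanted string, and the sample alert lines, which are constructed with RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Added example, not code from the thread: feed Snort "alert_fast" lines to pf.
# Assumptions (none of these are on the page): a pf table named "blackhole",
# declared in pf.conf as
#     table <blackhole> persist
#     block in quick from <blackhole>
# a Snort rule with SID 1000001 matching the unwanted string, and pfctl in PATH.
# Set PFCTL_DRY_RUN=1 to print the pfctl command instead of running it.

TABLE="${TABLE:-blackhole}"
PFCTL="${PFCTL:-pfctl}"
PFCTL_DRY_RUN="${PFCTL_DRY_RUN:-0}"

# Constructed sample alerts in Snort's alert_fast format (RFC 5737 addresses).
SAMPLE_ALERTS='06/23-20:30:01.123456  [**] [1:1000001:1] LOCAL auth flood string [**] [Priority: 2] {TCP} 203.0.113.45:51234 -> 198.51.100.10:5000
06/23-20:30:01.200000  [**] [1:1000001:1] LOCAL auth flood string [**] [Priority: 2] {TCP} 203.0.113.45:51235 -> 198.51.100.10:5000
06/23-20:30:02.000001  [**] [1:1000002:1] LOCAL unrelated rule [**] [Priority: 3] {UDP} 192.0.2.7:4000 -> 198.51.100.10:5000'

# Print the unique source IPv4 addresses of alerts carrying one Snort SID.
# Reads alert lines on stdin. IPv6 "[addr]:port" forms are not handled here.
src_ips_for_sid() {
    sid="$1"
    awk -v sid="$sid" '
        $0 ~ ("\\[1:" sid ":[0-9]+\\]") {
            for (i = 2; i <= NF; i++)
                if ($i == "->") {          # the field before "->" is src:port
                    split($(i - 1), a, ":")
                    print a[1]
                }
        }' | sort -u
}

# Add each address read from stdin to the pf table (or print the command).
blackhole_ips() {
    while read -r ip; do
        [ -n "$ip" ] || continue
        if [ "$PFCTL_DRY_RUN" = "1" ]; then
            printf '%s -t %s -T add %s\n' "$PFCTL" "$TABLE" "$ip"
        else
            "$PFCTL" -t "$TABLE" -T add "$ip"
        fi
    done
}

# Demo run against the constructed sample. In a real deployment the input
# would be "tail -F /var/log/snort/alert" rather than SAMPLE_ALERTS.
case "${1:-}" in
    demo)
        PFCTL_DRY_RUN=1
        printf '%s\n' "$SAMPLE_ALERTS" | src_ips_for_sid 1000001 | blackhole_ips
        ;;
esac
```

Run it as `sh block.sh demo` to see the single `pfctl -t blackhole -T add 203.0.113.45` it would issue (the two alerts from that address collapse to one entry, and the unrelated SID is ignored). Two practical caveats for this design: entries added this way live until the table is cleared, so a cron job running `pfctl -t blackhole -T expire <seconds>` is needed to age them out, and blocking by source address hits every client behind a shared NAT, which matters for the authentication traffic the original poster describes.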

