Eugen Leitl wrote:
> On Fri, Nov 07, 2008 at 08:15:36AM -0600, Phillip Gonzalez wrote:
>> I've seen this happen with nmap decoy scans; basically it's a syn
>> flood. I have generated hundreds of thousands of states using this
>> method.
>
> Thanks. I've set up state table size to 60 k and occasionally flush
> the states manually. It doesn't seem a big problem so far.
>
> Any specific settings I should use for future occurrences of syn
> flood DoS (assuming it's a syn flood)?

Instead of using "keep state" on your rules, use "synproxy state".
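
The rule change suggested above, written out as a pf.conf fragment. This is an added example, not part of the original thread; the interface name, server address and port are assumed placeholders.

```conf
# Added example (not from the thread). Assumed placeholders:
# em0 as the WAN interface, 192.0.2.10:80 as the protected server.
ext_if     = "em0"
web_server = "192.0.2.10"

# State table ceiling, matching the 60 k mentioned in the thread.
set limit states 60000

# Before: with "keep state", the first SYN is forwarded to the server
# as soon as it matches, whether or not the source address is real.
# pass in on $ext_if proto tcp from any to $web_server port 80 \
#     flags S/SA keep state

# After: with "synproxy state", pf answers the SYN itself and opens the
# connection to the server only once the client has completed the
# three-way handshake, so spoofed SYNs never reach the server.
# synproxy state applies to TCP only and includes the functionality of
# keep state and modulate state.
pass in on $ext_if proto tcp from any to $web_server port 80 \
    flags S/SA synproxy state
```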