sangbsy wrote:
> Hi Brad,
>
> Is it possible to drop dissimilar packets continuously coming from a
> particular IP or connection to the firewall? In situations like
> somebody tries port scans etc.
There are some bits of software out there that set up logging hooks into your firewall (via the -j LOG target) and scan the syslog, then place defensive firewall rules in place if they detect you are being scanned or ddos'd. How paranoid are you? Frankly I think they are more trouble than they are worth.

You can do a quick and dirty by rate limiting your connection to 1 per xx seconds with a burst, and anything over that gets dropped on the floor. That may be useful if you are on a fast connection. Anything for home use, it's not worth the effort except it may confuse the port scanner.

Frankly when I want to scan someone I use syn scans and never more than 1 per 30 secs. Not likely to raise a peep on a firewall alarm.

Brad

--
"Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so." -- Douglas Adams
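As an added illustration of what the syslog-scanning tools mentioned above actually do (this is example code, not part of the thread or any of those tools): it parses the kernel lines a -j LOG rule produces, counts distinct destination ports per source inside a sliding time window, and flags sources over a threshold. The log lines, the year, and the 60-second / 5-port thresholds are constructed assumptions; the slow one-probe-per-30-seconds source shows why that style of scan stays under the alarm.

```python
import re
from collections import defaultdict
from datetime import datetime

# Fields netfilter's -j LOG target writes to syslog (kernel: ... SRC= ... PROTO= ... DPT=).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?SRC=(?P<src>[\d.]+) "
    r".*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)
LOG_YEAR = 2024  # syslog timestamps carry no year; constructed assumption

def parse_log_line(line):
    """Return (timestamp, src, proto, dport) for one LOG line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m.group('ts')} {LOG_YEAR}", "%b %d %H:%M:%S %Y")
    return ts, m.group("src"), m.group("proto"), int(m.group("dpt"))

def detect_port_scans(lines, window_seconds=60, min_ports=5):
    """Flag sources that hit at least min_ports distinct destination ports
    inside any window_seconds-long window. Returns {src: sorted port list}."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_log_line(line)
        if parsed:
            ts, src, _proto, dpt = parsed
            hits[src].append((ts, dpt))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {d for t, d in events[i:] if (t - start).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged

def _log_line(hh_mm_ss, src, dpt):
    """Constructed sample line in the shape a -j LOG rule produces (not real traffic)."""
    return (f"Mar 13 {hh_mm_ss} gw kernel: FW-IN: IN=eth0 OUT= SRC={src} DST=192.0.2.1 "
            f"LEN=40 TTL=48 PROTO=TCP SPT=40000 DPT={dpt} SYN")

# Constructed syslog sample: a fast scanner, a slow one-probe-per-30s scanner, and a normal client.
SAMPLE_LOG = (
    [_log_line(f"12:00:{s:02d}", "203.0.113.7", p) for s, p in zip(range(0, 12, 2), (21, 22, 23, 25, 80, 443))]
    + [_log_line(f"12:{m:02d}:{s:02d}", "198.51.100.9", p)
       for (m, s), p in zip([(0, 0), (0, 30), (1, 0), (1, 30), (2, 0), (2, 30)], (21, 22, 23, 25, 80, 443))]
    + [_log_line("12:00:05", "192.0.2.50", 80), _log_line("12:00:07", "192.0.2.50", 443)]
)

if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"{src} probed {len(ports)} ports within 60s: {ports}")
```

Widening the window (for example to 200 seconds) is what it takes to catch the slow source, at the cost of more state per address.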
