On Wed, 2003-03-26 at 21:01, James Sparenberg wrote:
On Wed, 2003-03-26 at 12:28, Mark Weaver wrote:
Dave Laird wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Good morning, Pierre...
On Saturday 15 March 2003 06:19 am, Pierre Fortin wrote:
I may have a look at the code; but rather than "strings", I would think quick-exit protocol-diving would be a better approach... but that's just me...
No, you're very right. I've let the box running strings under IPTables run
for nearly 12 hours, and I think your conclusions about it are pretty
accurate. It bogs down the system, particularly because it is only running
64M of memory. However, I added a few sticks of SDRAM this morning and
compared it to last night's performance, and I didn't see that much
difference. However, when I compared the overall performance of the box with
another identical box running standard IPTables, I still noticed a
performance hit.
I'm not that enamored of the idea. Back to the drawing board. Thanks to
everyone who gave input to this idea. It *does* block strings from Code Red,
but at a pretty substantial performance hit.
Dave
I know this is late in the thread, but I've found adding a REWrite rule to httpd.conf to be the ticket! I haven't seen any, and I mean None of the M$ crud in my logs since. There has been zero (0) performance drop on this AMD 233/ 128MB SDRAM box since taking this action.
Mark,
Care to explain to the terminally dense (me) what a REWrite rule is? please.
James
Just like I posted at the beginning of this thread, lo these many weeks ago :-) http://www.monkeynoodle.org/lrp/deworming.html
It's been kind of entertaining watching Dave and Mark go off in search of the most difficult way to do it while ignoring that URL until they finally snipped it out... that is, when I've had time to notice. Brutally busy week and I'm going to bed now.
O nay... that was the very first thing I did. Went right to the URL you so gracefully posted and snatched up the treasure on the other end. I immediately made it part of my httpd.conf and it's working wonderous, lovely things for my machine at no cost to me. :) LOVE IT!!
thanks a ton Jack!
-- Mark ----------------------------------------------------------- Paid for by Penguins against modern appliances(R) Linux User Since 1996 Powered by Mandrake Linux 8.2 & 9.0
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
