Abdullah Ibn Hamad Al-Marri wrote:
> Hello,
>
> I would like to block ICMP and UDP flooders who exceed a reasonable number.
>
> #- Rate Limit UDP (150 per host)
> pass proto udp to any port $udp_services keep state
> pass in quick proto udp from any to any \
>   keep state \
>   (max-src-conn 1,max-src-states 151, \
>   overload <DDoS> flush global)
>
> #- Rate Limit ICMP (10 per host)
> pass in quick proto icmp from any to any \
>   keep state \
>   (max-src-conn 1,max-src-states 11, \
>   overload <DDoS> flush global)
I think ICMP and UDP can have their originating address forged, so this will effectively construct a true remotely triggerable DoS...

Cheers,
--
Xin LI <[EMAIL PROTECTED]> http://www.delphij.net/
FreeBSD - The Power to Serve!
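The concern in the reply can be seen by modelling the policy logic of the quoted rule. The following is an added example written for this thread, not code from either poster: it reproduces only what `max-src-states N, overload <DDoS> flush global` does with the source field of each packet, and assumes (as the quoted rules imply but do not show) that a `block in quick from <DDoS>` rule consults the table. It sends nothing; the addresses and counts are constructed. One further caveat on the quoted rules themselves: `max-src-conn` counts only TCP connections that completed the three-way handshake, so in a UDP or ICMP rule it has no effect, and `max-src-states` is the limit that actually fires.

```python
"""Model of the per-source state limit behind the quoted PF rule.

Added example for this thread, not code from either poster.  It reproduces
only the policy logic of ``max-src-states N, overload <DDoS> flush global``
and assumes (as the quoted rules imply but do not show) that a block rule
consults the <DDoS> table.  No packets are generated or sent; every address
below is constructed (RFC 5737 documentation ranges).
"""
from collections import defaultdict


class OverloadModel:
    """Per-source state counting as PF does it for one rule."""

    def __init__(self, max_src_states):
        self.max_src_states = max_src_states
        # claimed source address -> set of state keys created by this rule
        self.states = defaultdict(set)
        # the <DDoS> table: addresses the overload clause has added
        self.overload = set()

    def packet(self, claimed_src, proto, dst, dport):
        """Process one inbound packet.

        ``claimed_src`` is whatever the IP header says.  For UDP and ICMP the
        firewall has no handshake to confirm it, which is the point made in
        the reply above.  Returns "blocked", "overload" or "pass".
        """
        if claimed_src in self.overload:
            return "blocked"            # assumed: block in quick from <DDoS>
        key = (proto, dst, dport)
        states = self.states[claimed_src]
        if key in states:
            return "pass"               # matches an existing state entry
        if len(states) + 1 > self.max_src_states:
            # overload <DDoS>: table the source.  flush global: kill every
            # state this source holds, not only those created by this rule.
            self.overload.add(claimed_src)
            del self.states[claimed_src]
            return "overload"
        states.add(key)
        return "pass"


def scenario(limit=151):
    """One legitimate client, then ``limit`` packets carrying its address.

    Returns what the client sees before and after; constructed values.
    """
    fw = OverloadModel(max_src_states=limit)
    client = "192.0.2.10"        # constructed: a legitimate host
    resolver = "198.51.100.1"    # constructed: the server behind the firewall

    first = fw.packet(client, "udp", resolver, 53)   # real DNS query: passes

    # A third party places the client's address in the source field of
    # ``limit`` UDP datagrams to distinct ports.  The firewall counts them
    # against the client, because the source field is all it has to go on.
    results = [fw.packet(client, "udp", resolver, 1024 + i) for i in range(limit)]

    after = fw.packet(client, "udp", resolver, 53)   # the client's own traffic now

    return {
        "before": first,                      # "pass"
        "last_forged": results[-1],           # "overload": client lands in <DDoS>
        "after": after,                       # "blocked": client's real traffic dropped
        "client_tabled": client in fw.overload,
        "states_flushed": client not in fw.states,
    }


if __name__ == "__main__":
    print(scenario())
```

The model makes the failure mode concrete: the address that ends up in `<DDoS>` is whichever one the sender wrote into the header, and `flush global` then discards that host's existing states as well. For TCP the handshake ties a state to a source that can actually receive replies; for UDP and ICMP the same per-source limit reacts to an unauthenticated field.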
