Paul Vixie wrote:
i only use or recommend operating systems that have their own host based
firewalls. soon that will mean pf (from openbsd but available on freebsd)
pf's tables are nifty too btw :)
pfsense, which is FreeBSD + pf, also has a port of snort IDS available.
Provided the OP has a signature of the attack he can match on, there's a
wholly open-source solution (I know snort can be configured inline to
drop packets on a filtering bridge, but of course you've got the
problems of half-open connections accumulating as well as the potential
for migration to https).