I'd like to get some input about if any of you use Active Response on a public facing web server. If so, then do you tweak the rules, or use the default settings? In particular, I have two concerns:
1. One malicious person or bot behind a NAT could make my web server unavailable to everyone else behind the same NAT. 2. With IP spoofing, a DoS method could be to programatically attack the web server while spoofing perhaps hundreds of thousands of IP addresses. Since my web site is specific to my county, it would not be difficult for an attacker to limit his spoofs to the IP ranges owned by the two most prominent ISP's in the area. Thanks, Toby
