francisco ([EMAIL PROTECTED]) wrote:
> Han wrote:
>
> > So my suggestion would be to put in triggers in pf that would go off
> > at certain levels that would indicate a ddos, after which logging
> > and return-rst is disabled. Perhaps pflog could go in another mode
> > that gathers much less detailed info.
>
> this may lead to an attacker DDoS'ing your firewall so as to break
> into your network while no/few logs are being kept. seems very risky;
> it's safer to have a slow network on which you know what's happened
> than a fast network on which you don't.

Ahem. I could not even do anything in a console. I had to pull out the plug. And within 5 minutes my /var partition was full. Can't imagine that that can be useful. I had all the logs I ever wanted of this attack and a lot more. And I had to get online again and be able to use my machine. And to rid the #openbsd-channel of that pest. Of course I am not suggesting a permanent stop of logging. Looks like you never have been ddossed.

// Han
