Hi All,

After a DoS attack started against a djbdns server I run on
OpenBSD-current earlier this week, I started attempting to use the
"overload" keyword attempting to mitigate the issue.

So I inserted the following in pf.conf, and while it loads up, it doesn't
seem to work, i.e. pfctl -Tshow -t bruteforce is empty:

    table <bruteforce> persist
    block quick from <bruteforce>
    block in log
    pass inet proto udp from any to port 53 \
        keep state \
        (max-src-conn 15, max-src-conn-rate 5/15, \
        overload <bruteforce> flush global)

Any ideas from the list (I noticed all the official examples were of
TCP and didn't notice ICMP or UDP in any example claimed to be working)?
Does the overload keyword apply only to TCP or is there something I am
NOT understanding here about UDP and pf?

Thanks all in advance,
gwen