Is it possible to get a per IP total of SYN packets?
I am trying to implement some policies to block SYN packets if they
exceed a certain threshold (to mitigate SYN Floods), but before doing
that I want to first log all TCP SYN traffic for some time so that I can
get some useful stats out of it and choose the proper thresholds to
avoid false positives.
If anyone has some config snippet that would like to share I would be
Thank you :)
pmacct-discussion mailing list