Hello, Is it possible to get a per IP total of SYN packets?
I am trying to implement some policies to block SYN packets if they exceed a certain threshold (to mitigate SYN Floods), but before doing that I want to first log all TCP SYN traffic for some time so that I can get some useful stats out of it and choose the proper thresholds to avoid false positives. If anyone has some config snippet that would like to share I would be grateful :) Thank you :)
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
