Hello spenneb,
Friday, September 21, 2001, 9:00:30 AM, you wrote:
>> What kind of problems can I expect by adding 2400 DENY entries to the
>> input chain (using ipchains-1.3.9-3)?
ssd> Performance problems evaluating all those entries. Why do you need 2400 entries?
ssd> Could you give some examples?
Repeating offenders of the Nimda virus (my list has been compiled from
a 5 day data sample). I'm trying to figure out some way to lessen the
bandwidth load that all these scans are creating.
I already have a shell script ready to go containing ~2400 lines of:
/sbin/ipchains -I input -s 208.3.252.37 -j DENY
/sbin/ipchains -I input -s 208.165.50.100 -j DENY
/sbin/ipchains -I input -s 208.242.215.200 -j DENY
...
But, like you said, the performance hit would probably be just as bad
as the scans themselves.
--
Best regards,
Brian Curtis
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
