On 7/18/05, Jason Landry <[EMAIL PROTECTED]> wrote:
> 
> My thought was something along these lines:
> 
> If W connections are attempted through X ports within Y minutes, block
> the source /24 subnet for Z minutes.
> 

That's a really good way to make yourself wide open to a really easy
DoS attack.  Think 'spoof W connections to you from a ton of /24
subnets', and if you need any inbound traffic from the internet,
you've just let somebody disconnect you.

There are definitely better solutions, like the ones Holger mentioned,
that won't leave you (as) wide open to DoS.  One or multiple ones will
make it in eventually.

-cmb
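
Added example, not part of the original message: a small Python model of the proposed W/X/Y/Z rule, showing the failure mode the reply describes, where attempts that merely claim a source in some /24 get a real client in that /24 blocked. The class name, the reading of the rule (at least W attempts spanning at least X distinct ports), and all addresses and timestamps are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

class SubnetBlocker:
    """Model of: W attempts over X ports within Y minutes -> block the /24 for Z minutes."""

    def __init__(self, w, x, y_min, z_min):
        self.w, self.x = w, x
        self.window, self.block_for = y_min * 60, z_min * 60
        self.attempts = defaultdict(deque)   # /24 -> deque of (time, port)
        self.blocked_until = {}              # /24 -> expiry time in seconds

    @staticmethod
    def subnet(src):
        return ipaddress.ip_network(f"{src}/24", strict=False)

    def observe(self, src, port, now):
        """Record one connection attempt; return True if it is let through."""
        net = self.subnet(src)
        if self.blocked_until.get(net, 0) > now:
            return False
        q = self.attempts[net]
        q.append((now, port))
        while q and q[0][0] <= now - self.window:
            q.popleft()                      # drop attempts older than Y minutes
        if len(q) >= self.w and len({p for _, p in q}) >= self.x:
            self.blocked_until[net] = now + self.block_for
            q.clear()
            return False
        return True

def demo():
    fw = SubnetBlocker(w=10, x=5, y_min=1, z_min=30)
    client = "198.51.100.20"                 # constructed legitimate client
    before = fw.observe(client, 443, now=0)
    # Constructed events whose source field claims other hosts in the same /24.
    # The rule counts them without any proof that the source address is real.
    for i in range(10):
        fw.observe(f"198.51.100.{100 + i}", 1000 + i, now=1 + i)
    during = fw.observe(client, 443, now=20)            # inside the Z-minute block
    after = fw.observe(client, 443, now=20 + 30 * 60)   # block has expired
    return before, during, after

if __name__ == "__main__":
    print(demo())
```

The client is cut off for the full Z minutes even though it sent a single connection, because the rule keys on an unverified source address and widens the penalty to the whole /24.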
