On 1/26/06, Chris Buechler <[EMAIL PROTECTED]> wrote:
> That kind of looks like a potential DoS or DDoS. That many successive
> connections from a single host that never get closed should typically
> never happen on a web server. Looks malicious to me, but I'd be curious
> to see what others think.
>
> About how many states per IP do you have? Look through your web server
> logs and see what those IPs that are hanging there are attempting to
> do, as that might help determine whether it's a legit user or malicious
> traffic.

pfSense includes a few features that may make this situation a little
better. Modify the firewall rule for the NAT port forward and utilize
some of these features from the advanced section of the rule:

* Simultaneous client connection limit
* Maximum state entries per host
* Maximum new connections / per second

Scott
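
For the "how many states per IP" question in the thread above, here is an added example (not part of the original messages, and not pfSense code): a Python script that tallies inbound TCP states per client from `pfctl -ss` output. The state-line layout, the sample lines and the limit of 3 are assumptions constructed for illustration; IPv4 only.

```python
import sys
from collections import Counter

# Constructed sample in the assumed `pfctl -ss` layout (not real traffic).
SAMPLE_STATES = """\
all tcp 10.0.0.10:80 (203.0.113.5:80) <- 198.51.100.23:51012       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.10:80 (203.0.113.5:80) <- 198.51.100.23:51013       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.10:80 (203.0.113.5:80) <- 198.51.100.23:51014       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.10:80 (203.0.113.5:80) <- 198.51.100.23:51015       FIN_WAIT_2:ESTABLISHED
all tcp 10.0.0.10:80 (203.0.113.5:80) <- 198.51.100.77:40211       ESTABLISHED:ESTABLISHED
all tcp 198.51.100.23:51012 -> 10.0.0.10:80       ESTABLISHED:ESTABLISHED
all udp 10.0.0.10:53 <- 198.51.100.77:5353       SINGLE:NO_TRAFFIC
"""


def inbound_client(line):
    """Return the client IPv4 address of an inbound TCP state line, else None."""
    fields = line.split()
    if len(fields) < 5 or fields[1] != "tcp" or "<-" not in fields:
        return None  # skips UDP, outbound ("->") halves and malformed lines
    last_arrow = len(fields) - 1 - fields[::-1].index("<-")
    if last_arrow + 1 >= len(fields):
        return None
    # The token after the last "<-" is the remote peer as ip:port.
    return fields[last_arrow + 1].rsplit(":", 1)[0]


def states_per_host(text):
    """Count inbound TCP states per client address."""
    clients = (inbound_client(line) for line in text.splitlines())
    return Counter(ip for ip in clients if ip)


def over_limit(text, limit):
    """Return (ip, count) pairs holding more than `limit` states, busiest first."""
    return [(ip, n) for ip, n in states_per_host(text).most_common() if n > limit]


if __name__ == "__main__":
    # Pipe real output in (pfctl -ss | python3 script.py); falls back to the sample.
    text = SAMPLE_STATES if sys.stdin.isatty() else sys.stdin.read()
    for ip, n in over_limit(text, limit=3):  # limit of 3 is an illustrative value
        print(f"{ip}\t{n} states")
```

The per-host counts give a baseline for choosing the "Maximum state entries per host" value, so the limit sits above what ordinary clients reach.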
