RE: [Snort-users] tcp flood
This is a discussion on RE: [Snort-users] tcp flood within the Snort forums, part of the System Security and Security Related category; I am looking at the iptables but I can't find a way to block based on throttle per ip, ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-08-2005
|
|||
|
|||
RE: [Snort-users] tcp flood
I am looking at the iptables but I can't find a way to block based on
throttle per ip, only for the whole type of connection. -----Original Message----- From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Matt Kettler Sent: Monday, March 07, 2005 5:13 PM To: SN ORT; snort-users@lists.sourceforge.net Subject: Re: [Snort-users] tcp flood At 03:25 PM 3/7/2005, SN ORT wrote: >You can rate-limit on just about any Cisco device >(including PiX) to limit DoS attacks, including TCP >SYN attacks, by using access-lists with rate-limit >commands. Look to your Internet routers to stop the >attacks. Marc, The Cisco PiX OS as of the most recent released version 6.3(4) does not support rate-limit in an access-list. http://www.cisco.com/univercd/cc/td/...sw/v_63/cmdref /ab.htm#wp1067755 The rate-limit feature requires QoS support, something the PiX currently lacks entirely, but the as-yet-unreleased PiX OS 7.0 is reported (by Cisco's website) to support QoS. The "new features" datasheet for PiX 7.0 is listed here: http://www.cisco.com/en/US/products/..._data_sheet090 0aecd80225ae1.html Any QoS enabled IOS image should be able to do rate limiting, but I'm not sure which IOS feature sets have QoS and which do not. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 12:13 PM.
