* UDP packet storm
@ 2004-12-27 19:40 Bruno Wallace
[not found] ` <558224e304122712367f38de5d@mail.gmail.com>
0 siblings, 1 reply; 3+ messages in thread
From: Bruno Wallace @ 2004-12-27 19:40 UTC (permalink / raw)
To: netfilter
hello everybody,
what rule is implemented to udp packet storm?
--
thanks,
Bruno Wallace
^ permalink raw reply [flat|nested] 3+ messages in thread
[parent not found: <558224e304122712367f38de5d@mail.gmail.com>]
* Re: UDP packet storm
[not found] ` <558224e304122712367f38de5d@mail.gmail.com>
@ 2004-12-27 20:38 ` ASHISH
2004-12-28 22:43 ` Jose Maria Lopez
0 siblings, 1 reply; 3+ messages in thread
From: ASHISH @ 2004-12-27 20:38 UTC (permalink / raw)
To: netfilter

I would suggest the following method:-

1. Go through the network activity logs, and estimate the average no. of packets per unit time that you consider as normal to your packet.

2. Then think of a tolerance margin.

3. Write appropriate rules for limiting the rate of packets.

I would recommend generating a cron job that estimates the average number of packets per unit time after every day, and update the rule in filter table. Again optimal estimation is not a trivial job as it depends on several factors.

On Mon, 27 Dec 2004 17:40:26 -0200, Bruno Wallace <bruno.wallace@gmail.com> wrote:
> hello everybody,
> what rule is implemented to udp packet storm?
> --
> thanks,
> Bruno Wallace
>
>

--
cheers
Ashish
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: UDP packet storm
2004-12-27 20:38 ` ASHISH
@ 2004-12-28 22:43 ` Jose Maria Lopez
0 siblings, 0 replies; 3+ messages in thread
From: Jose Maria Lopez @ 2004-12-28 22:43 UTC (permalink / raw)
To: netfilter@lists.netfilter.org

On Mon, 27-12-2004 at 21:38, ASHISH wrote:
> I would suggest the following method:-
>
> 1. Go through the network activity logs, and estimate the average no.
> of packets per unit time that you consider as normal to your packet.
>
> 2. Then think of a tolerance margin.
>
> 3. Write appropriate rules for limiting the rate of packets.
>
> I would recommend generating a cron job that estimates the average
> number of packets per unit time after every day, and update the rule
> in filter table. Again optimal estimation is not a trivial job as it
> depends on several factors.

I agree with all. I just would like to add that if the storm comes to a destination port you don't use (normally the ones from Netbios) then just drop them down.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
^ permalink raw reply [flat|nested] 3+ messages in thread
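
The three steps from ASHISH's reply, combined with the unused-port drop from Jose Maria Lopez's reply, as an added example that is not part of the thread or written by its participants. The per-minute sample counts, the 50% margin, the burst of one second's worth of packets, and treating UDP 137:138 (NetBIOS) as unused on this host are assumptions; the script only prints rules and applies nothing.

```shell
#!/bin/sh
# Constructed sample: UDP packets counted per minute ("HH:MM count").
# Not real data; substitute the counts gathered from your own logs.
sample_counts() {
cat <<'EOF'
19:00 5400
19:01 6600
19:02 6000
19:03 7200
19:04 4800
EOF
}

# Step 1: average packets per second over the samples on stdin, rounded up.
avg_pps() {
    awk '{ total += $2; n++ }
         END { if (n == 0) { print 0; exit }
               pps = total / (n * 60); r = int(pps)
               if (r < pps) r++
               print r }'
}

# Step 2: add the tolerance margin (percent), rounding up.
# Clamp to 1..10000: the limit match rejects rates above 10000/second.
limit_with_margin() {   # $1 = average pps, $2 = margin in percent
    rate=$(( ($1 * (100 + $2) + 99) / 100 ))
    if [ "$rate" -lt 1 ]; then rate=1; fi
    if [ "$rate" -gt 10000 ]; then rate=10000; fi
    echo "$rate"
}

# Step 3: print the rules. Order matters: ports the host does not use are
# dropped first (assumed here: NetBIOS 137:138), then UDP within the limit
# is accepted, and whatever exceeds the limit falls through to the DROP.
emit_rules() {   # $1 = rate per second, $2 = burst
    echo "iptables -A INPUT -p udp --dport 137:138 -j DROP"
    echo "iptables -A INPUT -p udp -m limit --limit $1/second --limit-burst $2 -j ACCEPT"
    echo "iptables -A INPUT -p udp -j DROP"
}

avg=$(sample_counts | avg_pps)          # 100 pps for the sample above
rate=$(limit_with_margin "$avg" 50)     # 150/second with a 50% margin
emit_rules "$rate" "$rate"
```

Run daily from cron on the previous day's counts, as the reply suggests, and review the printed rules before loading them, since a single global limit also throttles legitimate UDP while a storm is in progress.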