* UDP packet storm
@ 2004-12-27 19:40 Bruno Wallace
       [not found] ` <558224e304122712367f38de5d@mail.gmail.com>
  0 siblings, 1 reply; 3+ messages in thread
From: Bruno Wallace @ 2004-12-27 19:40 UTC (permalink / raw)
  To: netfilter

Hello everybody,
what rule is implemented for a UDP packet storm?
-- 
thanks,
Bruno Wallace



* Re: UDP packet storm
       [not found] ` <558224e304122712367f38de5d@mail.gmail.com>
@ 2004-12-27 20:38   ` ASHISH
  2004-12-28 22:43     ` Jose Maria Lopez
  0 siblings, 1 reply; 3+ messages in thread
From: ASHISH @ 2004-12-27 20:38 UTC (permalink / raw)
  To: netfilter

I would suggest the following method:

1. Go through the network activity logs, and estimate the average number
of packets per unit time that you consider as normal to your packet.

2. Then think of a tolerance margin.

3. Write appropriate rules for limiting the rate of packets.

I would recommend generating a cron job that estimates the average
number of packets per unit time after every day, and updates the rule
in the filter table. Again, optimal estimation is not a trivial job as it
depends on several factors.


On Mon, 27 Dec 2004 17:40:26 -0200, Bruno Wallace
<bruno.wallace@gmail.com> wrote:
> hello everybody,
> what rule is implemented to udp packet storm?
> --
> thanks,
> Bruno Wallace
>
>


--
cheers
Ashish





* Re: UDP packet storm
  2004-12-27 20:38   ` ASHISH
@ 2004-12-28 22:43     ` Jose Maria Lopez
  0 siblings, 0 replies; 3+ messages in thread
From: Jose Maria Lopez @ 2004-12-28 22:43 UTC (permalink / raw)
  To: netfilter@lists.netfilter.org

On Mon, 27 Dec 2004 at 21:38, ASHISH wrote:
> I would suggest the following method:
> 
> 1. Go through the network activity logs, and estimate the average number
> of packets per unit time that you consider as normal to your packet.
> 
> 2. Then think of a tolerance margin.
> 
> 3. Write appropriate rules for limiting the rate of packets.
> 
> I would recommend generating a cron job that estimates the average
> number of packets per unit time after every day, and updates the rule
> in the filter table. Again, optimal estimation is not a trivial job as it
> depends on several factors.

I agree with all. I just would like to add that if the storm
comes to a destination port you don't use (normally the ones
from NetBIOS) then just drop them down.

-- 
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
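
Added example, not part of the original thread or any poster's own code: a POSIX sh sketch of the method in the two replies above (average UDP rate from LOG lines, a tolerance margin, a rate-limit rule, with unused NetBIOS ports dropped first). The log lines are constructed; the 50% margin, the burst of twice the limit, the INPUT chain and ports 137:138 being unused on this host are assumptions, and the script only prints rules.

```shell
#!/bin/sh
# Prints iptables rules derived from logged UDP traffic; applies nothing.

sample_log() {  # constructed, abbreviated iptables LOG lines (10 UDP, 1 TCP)
  for t in 01 01 01 01 02 02 03 03 03 03; do
    echo "Dec 27 19:40:$t fw kernel: IN=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=UDP DPT=137"
  done
  echo "Dec 27 19:40:03 fw kernel: IN=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22"
}

# Step 1: average UDP packets per second, rounded up, over the seconds
# that saw UDP traffic (assumption: idle seconds are not counted).
udp_avg_rate() {
  awk '/PROTO=UDP/ { n++; k = $1 " " $2 " " $3; if (!(k in seen)) { seen[k] = 1; secs++ } }
       END { if (secs == 0) { print 0; exit }
             avg = n / secs; r = int(avg); if (r < avg) r++; print r }'
}

# Step 2: add the tolerance margin ($2, in percent) to the rate ($1), rounding up.
with_margin() {
  echo $(( ($1 * (100 + $2) + 99) / 100 ))
}

# Step 3: print the rules. $1 = packets/second allowed, $2 = unused UDP ports.
# The unused-port DROP comes first so storm traffic to those ports never
# uses up the allowance. -m limit is one shared bucket for the whole rule,
# not one per source address.
build_rules() {
  [ "$1" -ge 1 ] || { echo "no UDP traffic measured; not building rules" >&2; return 1; }
  echo "iptables -A INPUT -p udp --dport $2 -j DROP"
  echo "iptables -A INPUT -p udp -m limit --limit $1/second --limit-burst $(( $1 * 2 )) -j ACCEPT"
  echo "iptables -A INPUT -p udp -j DROP"
}

# A daily cron job would feed the day's log to udp_avg_rate instead of sample_log.
rate=$(sample_log | udp_avg_rate)     # 10 packets over 3 seconds -> 4
limit=$(with_margin "$rate" 50)       # 50% margin -> 6
build_rules "$limit" 137:138
```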


