D&C Lug - Home Page
Devon & Cornwall Linux Users' Group


Re: When to blacklist source IP was: Re: [LUG] Snort


Purvis Robert wrote:
> How many rules would you say are "too many" to cause ipchains to crash? I'm
> just starting tightening up on one of our servers using ipchains. I don't
> want to shoot myself in the foot.

IPChains is supposed to handle a lot of rules - some people use over 2000.

My issues are almost certainly a local bug, or configuration issue.

However, simple one-IP-address filter rules for suspected abusive addresses just accumulate, and after I get a few screenfuls in one chain bad things happen.

The issue, I suspect, is that all the packets having to have all (or nearly all) the rules applied to them must tie up some limited resource. Probably those doing fancy things with lots of rules have a lot of short chains.

When doing this for business use I tend to just block addresses for a specific time period, thus the rules don't accumulate, and you don't block people who happen to pick up the same IP address as someone nasty.

The lesson is to be very careful when programming an automated response to malicious activity: at least one proprietary firewall (using Linux underneath) used to allow you to automate a "finger" against suspected attackers and log the results. This option mysteriously disappeared shortly after a "finger" vulnerability was found.

As with drunks, it is best not to make eye contact or talk to script kiddies; just ignore them and they go away. Alas, another one appears all too soon.

The main reason for blatting such addresses is not to stop them hacking, but just to stop them poking around. I trust most of the software facing outside (well, I'm a bit dubious about some of the instant messaging stuff), but I don't want someone poking around too much out of interest; if nothing else, I get just the one e-mail about it instead of several.
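The post above recommends blocking abusive addresses only for a fixed period so that rules never pile up in one chain, and notes that people running many rules keep them in short chains. The script below is an added example (not from the post or the list, and not an ipchains project script) of doing exactly that: blocks live in a dedicated chain that the input chain reaches through a single jump rule, each block is recorded with an expiry time in a small state file, and a periodic sweep deletes the expired rules. The chain name, the state-file path, and the IPCHAINS variable (which lets you point at a dry-run command such as "true" or "echo") are assumptions of this example.

```sh
#!/bin/sh
# Added example: time-limited per-address blocks with ipchains.
# Assumed names: chain "tmpblock", state file /var/run/tmpblock.db holding
# one "ip expiry_epoch" line per block, IPCHAINS overridable for dry runs.
IPCHAINS=${IPCHAINS:-ipchains}
CHAIN=${CHAIN:-tmpblock}
DB=${DB:-/var/run/tmpblock.db}

# Create the dedicated chain once and hang it off the input chain with a
# single jump rule, so the input chain itself stays short however many
# addresses are currently blocked.
setup_chain() {
    $IPCHAINS -N "$CHAIN"
    $IPCHAINS -I input -j "$CHAIN"
}

# True if the address already has an active block recorded.
is_blocked() { # $1 = ip
    grep -q "^$1 " "$DB" 2>/dev/null
}

# Number of blocks currently recorded.
blocked_count() {
    if [ -f "$DB" ]; then wc -l < "$DB" | tr -d ' '; else echo 0; fi
}

# Block an address for a limited time.  A repeat hit only refreshes the
# expiry; it never adds a second identical rule to the chain.
block_ip() { # $1 = ip, $2 = duration in seconds, $3 = now (epoch seconds)
    expiry=$(( $3 + $2 ))
    if is_blocked "$1"; then
        grep -v "^$1 " "$DB" > "$DB.new"; mv "$DB.new" "$DB"
    else
        $IPCHAINS -A "$CHAIN" -s "$1" -j DENY
    fi
    echo "$1 $expiry" >> "$DB"
}

# Sweep: delete every rule whose expiry has passed and drop it from the
# state file.  Prints each released address, one per line.  Run it from
# cron or a loop so old blocks never accumulate.
expire_blocks() { # $1 = now (epoch seconds)
    [ -f "$DB" ] || return 0
    : > "$DB.new"
    while read -r ip expiry; do
        if [ "$expiry" -le "$1" ]; then
            $IPCHAINS -D "$CHAIN" -s "$ip" -j DENY
            echo "$ip"
        else
            echo "$ip $expiry" >> "$DB.new"
        fi
    done < "$DB"
    mv "$DB.new" "$DB"
}
```

Typical use is setup_chain once at boot, block_ip from whatever detects the abuse (with a duration of minutes to hours rather than forever), and expire_blocks every few minutes with `date +%s` as the argument. Because the chain is only ever as long as the number of currently active blocks, a machine that picks up a released address later is not punished for its predecessor.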
