On Mon, 27 Dec 2004 at 21:38, ASHISH wrote:
> I would suggest the following method:-
>
> 1. Go through the network activity logs, and estimate the average no
> of packets per unit time that you consider as normal to your packet.
>
> 2. Then think of a tolerance margin.
>
> 3. Write appropriate rules for limiting the rate of packets.
>
> I would recommend generating a cron job that estimates the average
> number of packets per unit time after every day, and update the rule
> in filter table. Again optimal estimation is not a trivial job as it
> depends on several factors.

I agree with all. I just would like to add that if the storm comes to a
destination port you don't use (normally the ones from Netbios) then
just drop them down.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
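The procedure discussed in this thread, as an added example that is not code from either poster: a script a daily cron job could run to turn a measured baseline plus a tolerance margin into filter-table rules. It assumes iptables with the `limit` match, that NetBIOS ports 137/138 UDP and 139 TCP are unused on the host, and a constructed set of per-minute packet counts; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: packets counted per one-minute interval during normal
# operation. In practice these come from your own network activity logs.
SAMPLE_COUNTS="5400 6100 5800 6000 5700 6200"

# avg_pps COUNTS INTERVAL_SECONDS
# Step 1: average packets per second over all intervals, rounded up.
avg_pps() {
    printf '%s\n' $1 | awk -v iv="$2" '
        { sum += $1; n++ }
        END {
            if (n == 0) exit 1          # no data: refuse to guess a baseline
            r = sum / (n * iv); c = int(r)
            if (c < r) c++
            print c
        }'
}

# with_margin RATE PERCENT
# Step 2: add the tolerance margin (integer arithmetic, rounded up).
with_margin() {
    echo $(( ($1 * (100 + $2) + 99) / 100 ))
}

# emit_rules LIMIT
# Step 3: print the rules for review instead of applying them directly.
# Traffic to the unused NetBIOS ports is dropped first, so it never
# consumes the rate-limit budget; everything above the limit is dropped.
emit_rules() {
    cat <<EOF
iptables -A INPUT -p udp -m multiport --dports 137,138 -j DROP
iptables -A INPUT -p tcp --dport 139 -j DROP
iptables -A INPUT -m limit --limit $1/second --limit-burst $1 -j ACCEPT
iptables -A INPUT -j DROP
EOF
}

baseline=$(avg_pps "$SAMPLE_COUNTS" 60)   # 60-second intervals
limit=$(with_margin "$baseline" 50)       # 50% tolerance (assumed value)
emit_rules "$limit"
```

The blanket limit on INPUT is the simplest form of the idea; a real ruleset would normally accept established connections and management traffic before the rate-limit rule.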