
[no subject]



> 
>  -blocking 3,000+ IPs from ongoing port scan attacks
>  -blocking 2,500+ IPs from http/https scripting attacks
>  -blocking 1,200+ IPs from sending viruses and/or smtp port-knocking
> 
> I suppose I could be cruel and block the common subnets, but then
> instead of restricting 7,000 IPs I could be restricting 7M.
> 
> If 50,000 iptable rules don't cause any problems then why not use them?

It's not a problem, so use 'em. It's really only small hardware (slow
cpu, limited RAM) that has "issues" with huge rule sets.

But then those devices are sold at MicroCenter for home use anyway. All
they are good for is bulk blocking everything to port ABC.
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
<a rel="nofollow" href="http://www.localnetsolutions.com">http://www.localnetsolutions.com</a>

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
&lt;jkinney at localnetsolutions.com&gt;
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7



</pre>
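The trade-off raised in the quoted message (one rule per address versus blocking whole subnets) can be measured before deciding. The following is an added example, not part of the original message: the function names, the constructed documentation-range addresses, and the choice of the INPUT chain with a DROP target are all assumptions.

```python
import ipaddress

# Constructed sample: documentation-range addresses standing in for a blocklist.
SAMPLE_IPS = [
    "192.0.2.10", "192.0.2.77", "192.0.2.200",
    "198.51.100.5", "198.51.100.6",
    "203.0.113.9",
]


def aggregate(ips, prefix):
    """Collapse host addresses into the distinct /prefix networks containing them."""
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
    return sorted(nets)


def tradeoff(ips, prefix):
    """Count rules needed at this prefix and how many unlisted addresses get blocked."""
    hosts = {ipaddress.ip_address(ip) for ip in ips}
    nets = aggregate(ips, prefix)
    covered = sum(n.num_addresses for n in nets)
    return {
        "prefix": prefix,
        "rules": len(nets),                  # one rule per network
        "covered": covered,                  # total addresses those rules match
        "collateral": covered - len(hosts),  # matched addresses never on the list
    }


def rule_lines(nets, chain="INPUT"):
    """Render rules in the -A form that iptables-save emits (chain/target assumed)."""
    return [f"-A {chain} -s {n} -j DROP" for n in nets]


if __name__ == "__main__":
    for prefix in (32, 24, 16):
        t = tradeoff(SAMPLE_IPS, prefix)
        print(f"/{t['prefix']:<2} rules={t['rules']:<3} "
              f"covered={t['covered']:<7} collateral={t['collateral']}")
    print("\n".join(rule_lines(aggregate(SAMPLE_IPS, 24))))
```

Run against a real blocklist, the `collateral` column shows how many unlisted addresses each prefix length would block in exchange for a shorter rule set.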
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00104" href="msg00104.html">[ale] iptables limits?</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00105" href="msg00105.html">[ale] iptables limits?</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
<li><strong><a name="00107" href="msg00107.html">[ale] iptables limits?</a></strong>
<ul><li><em>From:</em> jrickman at gmail.com (Jonathan Rickman)</li></ul></li>
<li><strong><a name="00118" href="msg00118.html">[ale] iptables limits?</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
<li><strong><a name="00141" href="msg00141.html">[ale] iptables limits?</a></strong>
<ul><li><em>From:</em> jrickman at gmail.com (Jonathan Rickman)</li></ul></li>
<li><strong><a name="00142" href="msg00142.html">[ale] iptables limits?</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>