|
Posted by T. Sean Weintz on March 15, 2005, 1:13 pm
If you were Registered and logged in, you could reply and use other advanced thread options
alex.cabana@cgocable.ca wrote:
> Hi!
>
> I'm working for an ISP and I'm trying to find a solution to some real
> annoying flood problems. I have to control the traffic over a Gig-link
> (About 600mb/s). I tried with snort and it's nearly impossible.
>
> Specific Action required: Block the destination IP (Yeah, own customer)
> when he receive more than 3mb/s of traffic per minutes. Is there a
> snort rule that allow that.. or anything else somebody is aware of ?
>
>
> Here's a short draw of the network
>
>
> (provider) --- Gig link --- Cisco 7114 Router --- Cable Modem Users
> |
> |
> Snort Linux Box
>
> Any help or suggestion is appreciated
>
Um, would it not make more sense to throttle things at the router? Or
maybe add a good bridging mode hardware firewall with GIG links that
supports rate limitting by destination IP address?
| 
XML site map