[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF story, happy ending.



On Sat, 1 Oct 2005, Bob Beck wrote:

>
> 	If I had a dollar for every time some mouth breathing twit did
> that here well, I could at least buy some very good bottles of wine.
>
> 	Upgrade the firewall to use the state limits and the overload
> table, then filter the overload table and rdr web connections from it
> to a web page that says basically "you have a virus you fucktard. fix it
> and it'll work again." put a cron job that flushes the overload table
> every few hours - or if you're really clever make a button on the web
> page they can poke to remove their machine from the table - if they do it
> before they clean the machine they just go right back in.
>
> 	-Bob

Hi Bob

We're in the process of upgrading to 3.8, have the hardware, now have the
time.  There aren't any users on the system, it's a Windows domain
controller.  Why it was there I don't know, in fact they didn't seem that
concerned about pulling it off the network.  I thought about adding a cron
job to flush the state table and or increasing the state table max value,
but it was such an egregious (for Ed that means "conspicuously and
outrageously bad or reprehensible") problem.  Filling up the stock state
table setting in 2 seconds meant I needed to troubleshoot and fix the
problem now.  Seeing all the fragments in the state table really concerned
me also, in fact that's all that was filling up the state table.  I've
seen the same problem at my day job on our network and it's never been a
good thing.

Hope things are going well for you,

diana