ok let me ask this first can i just have ipchains on the box without changing and routig etc that is set now as i wouldnt want to make an major overhaul! This is no problem, but the whole thing (blocking nimda "attacks" to your

Hi, the nimda attackers in turn have kind of success in doing a kind of a DoS attack against this boxes. And how should this evergrowing blocking tables ever be cleared ... ? -----Ursprüngliche Nachricht----- Von: Markus Gaugusch [mailto:markus@gaugusch.at] Gesendet am: Freitag, 21. Dezember 2001 12:04 An: Bob B Cc: Rogier Maas; suse-security@suse.com Betreff: Re: [suse-security] Entriy in apache log linux box) is really useless, as many have non-static ip-adresses and you will soon have a huge blocking table, which results in poor performance. If you have really too much entries in your logs (filling up the disks), clean them with a script that removes all those entries or contact the provider of the infected hosts. Blocking of huge address ranges doesn't solve any problems. Markus Gaugusch -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \ -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com