We will test the protections set up
against SYN flood and smurf attacks.
Date: 2010-07-30 03:31:47 UTC We have moved the blocking of scanning IPs to other infrastructure in order to draw in this "bad" traffic and analyse it. This will give us more logs and, in particular, let us know when the scan has finished. If the scan has not finished, the IP stays blocked.
We could provide a site with the list of blocked IPs as well as the scan logs, then aggregate these logs by network and AS in order to determine which ASes are hazardous.
Date: 2010-07-08 14:50:11 UTC We are refining the settings against SYN flood.
Date: 2010-06-04 15:54:50 UTC More than 1000 external IPs blocked on telnet, out of 1200.
Normally we run at 200-300 max over the 6 hours.
Date: 2010-06-04 15:52:48 UTC done
Date: 2010-06-04 15:52:05 UTC We will reduce the burst, and so strengthen
the protections. We have a huge number of scans on the
network on port 23 (telnet).
Date: 2010-06-02 13:17:29 UTC We have changed the settings again.
Both levels were set up.
Date: 2010-06-02 12:32:01 UTC I wanted to redo the test tomorrow at 7h/8h am in order to
validate a setting. It is obvious that there are big differences
in the settings between night and day,
and all in all we should do the R&D during the day :(
Date: 2010-06-02 12:29:29 UTC We have removed SYN. We leave ICMP.