| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] How to restrict the number of alerts send for sam rule
Howdy,
how can I restrict the number of mails per second that will
be send when a packet gets rejected by a sam rule.
e.g.: - some #$%&%* basterd does a portscan; I intercept the
attempt and do a "fw sam ..." to block the intruder;
the portscan goes on and all further packets are
blocked by sam, however every rejected generates an
e-mail alert; this floods and almost crashes my
e-mail server.
In other words: I have found an effective way to turn a
relatively harmless portscan (most of the time those ports
are not open) into a DOS in my e-mail server... snif.
Is there any way I can make sure the firewall will only send
a limited number of e-mails per second. (I tried the "Excessive
Log Grace Period" but that doesn't seem to have any impact)
Thanks in advance,
Nico
---------------------------------------------------------
"It has been said that there are only two businesses that
refer to customers as users: illegal drug trade and
the computer industry."
---------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/NEE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
