[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] How to restrict the number of alerts send for sam rule
Howdy, how can I restrict the number of mails per second that will be send when a packet gets rejected by a sam rule. e.g.: - some #$%&%* basterd does a portscan; I intercept the attempt and do a "fw sam ..." to block the intruder; the portscan goes on and all further packets are blocked by sam, however every rejected generates an e-mail alert; this floods and almost crashes my e-mail server. In other words: I have found an effective way to turn a relatively harmless portscan (most of the time those ports are not open) into a DOS in my e-mail server... snif. Is there any way I can make sure the firewall will only send a limited number of e-mails per second. (I tried the "Excessive Log Grace Period" but that doesn't seem to have any impact) Thanks in advance, Nico --------------------------------------------------------- "It has been said that there are only two businesses that refer to customers as users: illegal drug trade and the computer industry." --------------------------------------------------------- Nico De Ranter Sony Service Center (SDCE/NEE-B) Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130 Brussel (Bruxelles), Belgium, Europe, Earth Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 e-mail: [email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|