[unisog] Blocking inbound Internet traffic

Johan M. Andersen johan at columbia.edu
Fri May 9 13:01:21 GMT 2003


> We're doing something similar in that we shut down the port of the offender.
> This triggers another process that then pages us to alert that the port is
> down.  I like the idea of not shutting the port down and instead rate
> limiting it.

On average, we have between 60 and 80 IP's rate limited at a time. I'd
prefer not to be paged that much :) Another plus is that while a person is
in the penalty box, their average internet use (ie, browsing the web,
reading email) is relatively unimpeded (when testing with our own
workstations, there were no ill effects unless you tried to do something
like send a big attaachment through yahoo, or similar)

/johan



More information about the unisog mailing list