Comment by OVH - Wednesday, 02 June 2010, 14:24PM

+ ICMP

Done.

Comment by OVH - Wednesday, 02 June 2010, 14:29PM

We have removed SYN. We leave ICMP.

Comment by OVH - Wednesday, 02 June 2010, 14:32PM

I wanted to re-do the test tomorrow at 7h/8h am in order to
validate a setting. It is obvious that there is big differences
in the settings between the night and day
and all in all we should make the R&D during the day :(

Comment by OVH - Wednesday, 02 June 2010, 15:17PM

We have changed the settings again.
Both of the two levels were set up.

Comment by OVH - Friday, 04 June 2010, 17:52PM

We will reduce the burst. So strengthen
protections. We have hugely scans on the
network at the level of the port 23 (telnet).

Comment by OVH - Friday, 04 June 2010, 17:52PM

done

Comment by OVH - Friday, 04 June 2010, 17:54PM

More than 1000 external IP blocked in telnet on 1200.
Normally we run at 200-300 max on the 6 hours.

Comment by OVH - Thursday, 08 July 2010, 16:50PM

We refine the adjustments against SYN flood.

Comment by OVH - Friday, 30 July 2010, 05:31AM

We have switched the IP blocking which scan on other infra in order to aspire this "bad" traffic and analyse it. This is going to allow us to have more logs and especially to know when the scan is accomplished. And if the scan is not accomplished, IP is kept blocked.

We could provide a site with the IP blocked list as well as scan logs then aggregate these logs on the network and AS in order to determine AS which are hazardous.