Performance impact of a large W2003 IPsec IP filter list?

denpgeorge

Member
May 31, 2001
Does anyone know if there is a huge performance impact in using an IPsec policy with a very large IP filter list? Can the processing for it be offloaded to the NIC with the proper drivers and hardware? I'm mainly speaking of the impact on a Windows Server 2003 box, but am curious about the impact on XP and 2000 as well.

This would basically work much the same way PeerGuardian does. I know in Linux you would use iptables to filter connections from particular IPs. So also, what is the performance like for a large filter list using iptables?

I know very little about IPsec and have been trying to read up on it more. I only came across it while searching for an equivalent solution to blocking connections as iptables provides... I don't seem to find very much on it though.

My idea is to write a program which listens for connections on certain ports, e.g. FTP/21, and if anything is sent to these ports, immediately ban that IP altogether, like a honeypot sort of thing. Additionally, the ability to respond to failed authentication attempts (SSH, HTTP, whatever) could also have those IPs banned. Easy way to block out the Chinese script kiddies and potential DoS attempts.

I found that I could use netsh on Windows Server 2003 and dynamically update my filter list using that. I've gotten so far now as to write a wrapper around that command to do what I want. But before I get too much further, I was hoping for some input on whether this is a good idea or not. Is there a much better way?

Would this still be highly vulnerable to DoS attacks? Would I potentially be blocking traffic I don't want to be blocking?

Any input is appreciated. :D
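The post's two open questions (self-inflicted blocking and an attacker growing the ban list) are really properties of the ban decision, not of netsh. The following is an added example, not the poster's wrapper, showing the decision layer such a wrapper would sit on: a never-ban allowlist for admin and internal networks, a sliding-window threshold for failed logins, an immediate ban for honeypot-port hits, and a hard cap on list size. The log format, addresses and filter-list name are constructed for the example, and the `netsh ipsec static add filter` syntax is the Server 2003 form as I remember it (it assumes the filter list is already attached to a Block rule in an assigned policy); the code only renders those commands and executes nothing.

```python
"""Ban-decision engine for the "ban the source of honeypot hits / repeated failed
logins" idea from the post.  Added example, not the poster's own wrapper.  It only
decides who to ban and renders the netsh command it *would* run; nothing is executed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample event log (not from a real server).  One event per line.
SAMPLE_LOG = """\
2004-03-01 10:00:01 FAILED_AUTH service=ftp src=203.0.113.5
2004-03-01 10:00:03 FAILED_AUTH service=ftp src=203.0.113.5
2004-03-01 10:00:04 FAILED_AUTH service=ssh src=10.0.0.20
2004-03-01 10:00:05 FAILED_AUTH service=ftp src=203.0.113.5
2004-03-01 10:00:09 HONEYPOT port=23 src=198.51.100.7
2004-03-01 10:00:10 FAILED_AUTH service=http src=192.0.2.44
2004-03-01 10:30:00 FAILED_AUTH service=http src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<kind>FAILED_AUTH|HONEYPOT) \S+ src=(?P<src>[\d.]+)$"
)


class BanPolicy:
    """Decides bans; keeps the list bounded so an attacker cannot grow it without limit."""

    def __init__(self, filterlist, never_ban, threshold=3,
                 window=timedelta(minutes=10), max_entries=1000):
        self.filterlist = filterlist          # name of the IPsec filter list to add to
        self.never_ban = [ipaddress.ip_network(n) for n in never_ban]  # admin / internal nets
        self.threshold = threshold            # failed logins within `window` before a ban
        self.window = window
        self.max_entries = max_entries        # hard cap on filter-list size
        self.failures = defaultdict(list)     # src ip -> timestamps of recent failures
        self.banned = {}                      # src ip -> reason, in ban order

    def protected(self, ip):
        addr = ipaddress.ip_address(ip)
        return addr.is_loopback or any(addr in net for net in self.never_ban)

    def observe(self, line):
        """Feed one log line; return the ban reason if this line triggered a ban, else None."""
        m = LINE_RE.match(line.strip())
        if not m:
            return None                       # unknown format: ignore, never guess
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["src"]
        if ip in self.banned or self.protected(ip):
            return None
        if m["kind"] == "HONEYPOT":           # nothing legitimate talks to a honeypot port
            return self._ban(ip, "honeypot port hit")
        recent = [t for t in self.failures[ip] if ts - t <= self.window] + [ts]
        self.failures[ip] = recent            # sliding window: old failures age out
        if len(recent) >= self.threshold:
            return self._ban(ip, f"{len(recent)} failed logins within {self.window}")
        return None

    def _ban(self, ip, reason):
        if len(self.banned) >= self.max_entries:
            return None                       # list full: log it, do not grow the filter list
        self.banned[ip] = reason
        return reason

    def netsh_commands(self):
        """Render one `netsh ipsec static add filter` per ban (assumed Server 2003 syntax;
        the filter list must already be tied to a Block rule in an assigned policy)."""
        return [
            f'netsh ipsec static add filter filterlist="{self.filterlist}" '
            f"srcaddr={ip} srcmask=32 dstaddr=Me protocol=ANY mirrored=yes "
            f'description="{reason}"'
            for ip, reason in self.banned.items()
        ]


def run(log_text, policy):
    """Replay a log through the policy; return {ip: reason} for every ban it produced."""
    for line in log_text.splitlines():
        policy.observe(line)
    return dict(policy.banned)


if __name__ == "__main__":
    policy = BanPolicy("blocked-hosts", never_ban=["10.0.0.0/8", "192.168.0.0/16"])
    for ip, why in run(SAMPLE_LOG, policy).items():
        print(f"ban {ip}: {why}")
    print("\n".join(policy.netsh_commands()))
```

On the sample log, 203.0.113.5 is banned on its third failure inside the ten-minute window, 198.51.100.7 is banned on the first honeypot hit, 10.0.0.20 is left alone because it sits in a never-ban network, and 192.0.2.44 is not banned because its two failures are half an hour apart. The cap is what bounds the filter-list growth that worried the poster; pairing it with a ban expiry (removing old entries with the matching `delete filter` command) would keep the list small enough that its size never becomes the performance question asked at the top of the thread.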