Search results

During an attack you'll want to lower CT_LIMIT down to around 100, but if you set it to anything lower than that you'll probably begin to see false positives. You can use the "netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr" command to help you fine tune the limit. I...

Why not set the outbound bandwidth/inbound bandwidth settings? Something like 300K outbound and 10K inbound should do. When under attack you'll also want to lower dynamic requests/second to 1 and connection soft/hard limit to around 10/20. All your other settings look fine during an attack...