Jonathan Wilson <jw@mailsw.com> wrote:
>>It's much better to monitor a counter in order to detect DoS attacks
>>or configuration errors and if there's concern about intrusion set up a
>>couple rules to trigger the alarm when its counter is activated
>>(outgoing connections, connection search for domain controllers...)
>
> What counter would you use?

netfilter rules counter. Especially the dropped packages ones over time.

Regards
Bernd
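
One way to watch netfilter rule counters over time, as the reply above suggests (an added example, not code from the thread): it compares two `iptables-save -c` snapshots and flags DROP rules whose packet rate is high, plus any hit on a rule marked as an alarm rule. The snapshots are constructed, and the `alarm-` comment tag and the 10 packets/s threshold are assumptions.

```python
import re
RULE = re.compile(r"^\[(\d+):(\d+)\] (-A \S+ .*)$")      # [pkts:bytes] -A CHAIN ...
POLICY = re.compile(r"^:(\S+) (\S+) \[(\d+):(\d+)\]$")   # :CHAIN POLICY [pkts:bytes]
# Constructed sample input: two `iptables-save -c` snapshots taken 60 s apart.
SNAP_T0 = """*filter
:INPUT DROP [120:9600]
:OUTPUT ACCEPT [5000:400000]
[900:72000] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[40:2400] -A INPUT -p tcp -m tcp --dport 23 -j DROP
[0:0] -A OUTPUT -p tcp -m tcp --dport 6667 -m comment --comment alarm-outbound -j DROP
COMMIT
"""
SNAP_T1 = (SNAP_T0.replace("[120:9600]", "[150:12000]")
           .replace("[40:2400]", "[1840:110400]").replace("[0:0]", "[2:120]"))

def parse(snapshot):
    """Map (table, rule or policy text) -> packet count."""
    counters, table = {}, None
    for line in snapshot.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif m := RULE.match(line):
            counters[(table, m.group(3))] = int(m.group(1))
        elif m := POLICY.match(line):
            counters[(table, f"policy {m.group(1)} {m.group(2)}")] = int(m.group(3))
    return counters

def is_drop(rule):
    return rule.startswith("policy") and rule.endswith(" DROP") or rule.endswith("-j DROP")

def drop_deltas(before, after):
    """Packets dropped per DROP rule or policy between two snapshots."""
    deltas = {}
    for key, now in after.items():
        prev = before.get(key, 0)
        if is_drop(key[1]):
            # A lower count than before means the counters were zeroed or reloaded.
            deltas[key] = now - prev if now >= prev else now
    return deltas

def alerts(before, after, seconds, max_pps=10.0, alarm_tag="alarm-"):
    out = []  # (reason, rule, packets since the previous snapshot)
    for (_table, rule), delta in drop_deltas(before, after).items():
        if alarm_tag in rule and delta > 0:
            out.append(("alarm-rule-hit", rule, delta))    # any hit at all matters
        elif delta / seconds > max_pps:
            out.append(("drop-rate", rule, delta))         # possible DoS or misconfiguration
    return out

print(alerts(parse(SNAP_T0), parse(SNAP_T1), 60))
```

On a live host the two snapshots would come from running `iptables-save -c` at a fixed interval; REJECT targets are not counted here.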