Date: Tue, 22 Aug 2000 07:58:47 +0200 (CEST) From: Domas Mituzas <midom@dammit.lt> To: noor@comrax.com Cc: freebsd-stable@FreeBSD.ORG Subject: Re: DoS attacks and FreeBSD. Message-ID: <Pine.BSF.4.21.0008220757070.26964-100000@mx.nkm.lt> In-Reply-To: <Pine.BSF.4.10.10008220241010.11868-100000@dns.comrax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I have ipfw running on the server, and managed to block the IP's in > question in time. My question is: suppose I was not near the PC at the > time of the incident, how can I configure ipfw to automatically block > cnnections originating from any IP and that is continuous in a suspecious > manner? (let's say 50 concurrent connections to port 80 every second.) Hi, it is possible to set up your ipfw firewall so it logs all setup connections to any socket, you specify. Therefore, your program or smple perl script may listen on that socket and make decisions by calling external program, e.g. ipfw again. Domas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008220757070.26964-100000>