Date: Wed, 6 Apr 2005 18:19:16 +0200 (CEST) From: "Marian Hettwer" <MH@kernel32.de> To: "Willem Jan Withagen" <wjw@withagen.nl> Cc: freebsd-security@freebsd.org Subject: Re: What is this Very Stupid DOS Attack Script? Message-ID: <4100.212.12.51.89.1112804356.squirrel@212.12.51.89> In-Reply-To: <425406ED.5060400@withagen.nl> References: <200504061549.j36Fn8Y5082507@dc.cis.okstate.edu> <425406ED.5060400@withagen.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mi, 6.04.2005, 17:57, Willem Jan Withagen sagte: > I've build some swatch-rules that after two of these hits, I dump > the host into ifpw-deny space. > Aye. I thought about writing a script, doing the same like yours, too. Could you post this script somewhere, so that I could add some functionality or just use it ? On one hand, of course, it would make no sense to blog these attackers, as they don't mind anyway wether they're blocked or not, on the other hand, I'd like to see only two attempts, and not loads of pages, blowing up my logfiles useless. By the way, you do know, that if you block these attackers forever, you may run into a self-made DOS attack, right ? Imagine, you have 10 attacks per day (from 10 different IP addresses) and you all block them, each day, for another 10 days. You already blocked 100 IP adresses then ;) Well, perhaps your script releases the blocked IP adresses after an specific amount of time... this would be a functionality I'd like to add :) So, I'd be glad if you could either upload the script on some webserver and make it public, or if you could private mail it to me. best regards, Marian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4100.212.12.51.89.1112804356.squirrel>