Date: Thu, 07 Apr 2005 20:28:18 -0400 From: Jon Adams <jonaadam@nsu.nova.edu> To: freebsd-security@freebsd.org Subject: Re: What is this Very Stupid DOS Attack Script? Message-ID: <4255D022.9040205@nsu.nova.edu> In-Reply-To: <4100.212.12.51.89.1112804356.squirrel@212.12.51.89> References: <200504061549.j36Fn8Y5082507@dc.cis.okstate.edu> <425406ED.5060400@withagen.nl> <4100.212.12.51.89.1112804356.squirrel@212.12.51.89>
next in thread | previous in thread | raw e-mail | index | archive | help
Marian Hettwer wrote: >On Mi, 6.04.2005, 17:57, Willem Jan Withagen sagte: > > >>I've build some swatch-rules that after two of these hits, I dump >>the host into ifpw-deny space. >> >> >> >Aye. I thought about writing a script, doing the same like yours, too. >Could you post this script somewhere, so that I could add some >functionality or just use it ? > > > This is similar to what I do... except I just run a cronjob every so often... daily.. weekly.. what have you.. that will restart ipfw... probably there is a cleaner solution, but it does the job for me.... as far as cleaning out the dozens of IPs that get blocked for connecting to ports they shouldnt on my boxes
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4255D022.9040205>