[Firewall] protect too many connections from same ip

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Sun Nov 4 14:10:24 CET 2012


IDS (currently) can only detect probes on ports that are NOT opened. You 
could give the ssh-brute-force plugin a try but the problem is to 
distinguish between real (heavy) traffic and this specific host. So this 
will only work if there's not heavy traffic from legitimate hosts...

a.

On 11/02/2012 12:03 PM, Michel van Dop wrote:
> Hello,
>
> I use the firewall script many times on my apache webservers and
> streaming servers.
>
> The last version of the script works great on CentOS 6.3 64bit. On
> CentOS 5 I must use the older version 1.9.2n for the low kernel version.
>
> It has worked very well for many years! Thanks Arno!
>
> Only sometimes 1 user (IPv4) connects 100 times to the same services. How
> can we protect against that?
>
> I tried to use the ids plugin and set REDUCE_DOS_ABILITY to 1 and
> DRDOS_PROTECT=1 in the firewall.conf.
>
> But this has no effect.
>
> Can I use the ssh-brute-force-protection plugin and set it on the stream
> port (80 tcp)?
>
> Or does someone have another idea?
>
> Best regards,
>
> Michel
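
The difficulty raised in the reply above (telling one abusive host apart from legitimate heavy traffic) can be seen by counting established connections per peer IP. This is an added example, not part of the original thread or of Arno's firewall script; the `ss -tn`-style sample, the addresses and the two limits are constructed for illustration.

```python
from collections import Counter


def per_source_counts(ss_text, port):
    """Count ESTABLISHED TCP connections to local `port`, per peer IP."""
    counts = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "ESTAB":
            continue  # header, blank line, or a non-established state
        local, peer = fields[3], fields[4]
        if local.rsplit(":", 1)[1] != str(port):
            continue  # connection to a different local service
        counts[peer.rsplit(":", 1)[0]] += 1
    return counts


def over_limit(counts, limit):
    """Peers holding more than `limit` concurrent connections."""
    return sorted(ip for ip, n in counts.items() if n > limit)


def build_sample():
    """Constructed stand-in for `ss -tn` output on a web/stream server."""
    rows = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]

    def add(ip, n, lport=80):
        for i in range(n):
            rows.append(f"ESTAB 0 0 192.0.2.10:{lport} {ip}:{40000 + i}")

    add("198.51.100.7", 100)          # the single client with 100 connections
    add("203.0.113.20", 40)           # assumed NAT gateway, many real users
    add("203.0.113.55", 3)            # ordinary client
    add("203.0.113.56", 2, lport=22)  # other service, not counted for port 80
    rows.append("TIME-WAIT 0 0 192.0.2.10:80 203.0.113.55:50001")
    return "\n".join(rows)


SAMPLE = build_sample()

if __name__ == "__main__":
    counts = per_source_counts(SAMPLE, 80)
    # A limit of 50 isolates the single host; 30 also hits the busy gateway.
    for limit in (50, 30):
        print(f"limit {limit}: {over_limit(counts, limit)}")
```

On a live server the same function can be fed the text output of `ss -tn` to see how far the busiest legitimate peers sit from the offending host before picking any per-IP limit.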