[Firewall] protect too many connections from same ip
Arno van Amersfoort
arnova at rocky.eld.leidenuniv.nl
Sun Nov 4 14:10:24 CET 2012
IDS (currently) can only detect probes on ports that are NOT opened. You
could give the ssh-brute-force plugin a try but the problem is to
distinguish between real (heavy) traffic and this specific host. So this
will only work if there's not heavy traffic from legitimate hosts...
On 11/02/2012 12:03 PM, Michel van Dop wrote:
> I use the firewall script many times on my apache webservers and
> streaming servers.
> The last version of the script works great on CentOS 6.3 64bit. On
> CentOS 5 I must use the older version 1.9.2n for low Kernel version.
> It works very good, for many years! Thanks Arno!
> Only sometimes 1 user (IPv4) connects 100 times to the same services. How can
> we protect against that?
> I try to use: ids plugin and set in the firewall.conf REDUCE_DOS_ABILITY
> on 1, and DRDOS_PROTECT=1
> But this has no effect.
> Can I use the ssh-brute-force-protection plugin and set it on the stream
> port (80 tcp)?
> Or someone has another idea?
> Best regards,
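The problem raised in this thread is telling one host with about 100 connections apart from many legitimate hosts with a few each. The following is an added example, not part of the thread or of Arno's firewall script: it counts established connections per peer IP for one local port from `ss -tn` output. The function names, the sample addresses and the `ss` column layout (with a leading State column) are assumptions of the example.

```shell
#!/bin/sh
# Added example: count established TCP connections per peer IP on one local port.
# Expected input: `ss -tn` output (State Recv-Q Send-Q Local:Port Peer:Port).

# per_ip_over_limit PORT LIMIT
# Reads ss output on stdin and prints "COUNT IP", highest count first,
# for every peer holding more than LIMIT connections to PORT.
per_ip_over_limit() {
    awk -v port="$1" -v limit="$2" '
        $1 == "ESTAB" {
            # Cut at the last colon so IPv6 "[addr]:port" is handled too.
            lp = $4; sub(/.*:/, "", lp)
            if (lp != port) next
            peer = $5; sub(/:[0-9]+$/, "", peer)
            gsub(/^\[|\]$/, "", peer)
            count[peer]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip], ip
        }' | sort -rn
}

# Constructed sample (documentation address ranges): one host with 120
# connections to port 80, thirty hosts with 2 each, plus lines that must
# not be counted (another port, a non-established state).
sample_ss_output() {
    echo "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
    for i in $(seq 1 120); do
        echo "ESTAB 0 0 192.0.2.10:80 198.51.100.7:$((40000 + i))"
    done
    for i in $(seq 1 30); do
        echo "ESTAB 0 0 192.0.2.10:80 203.0.113.$i:51000"
        echo "ESTAB 0 0 192.0.2.10:80 203.0.113.$i:51001"
    done
    echo "ESTAB 0 0 192.0.2.10:22 198.51.100.7:50022"
    echo "TIME-WAIT 0 0 192.0.2.10:80 198.51.100.7:50100"
}

# Report peers with more than 100 connections to port 80.
sample_ss_output | per_ip_over_limit 80 100
```

On a live server the input would come from `ss -tn` instead of the sample function.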