On Thursday, November 17, 2005 2:56 PM, suppressed wrote:
"atd" is a daemon like "crond", so I presume that atd manages all the "at now + 1 hour" requests.Peter wrote:Try something like (off the top of my head, untested): iptables -I INPUT -s %s -j DROP; echo 'iptables -D INPUT -s %s -j DROP' | at now + 1 hoursThats pretty neat, I have never heard of the at command. Surely if you were being hammered by multiple IP's, that would leave loads of at processes hanging around?
I like the look of mod_evasive that you pointed out, but won't have a chance to try it for some months.

On another note, I don't think you should let interchange have clear access to iptables, for fairly obvious reasons. You can configure sudo to allow access to a command with limited arguments (i.e. something like

  iptables -I INPUT -s (\d*.\d*.\d*.\d*)/32 -j DROP

to limit access) so the interchange user can't do things like

  iptables -I INPUT -s 0.0.0.0/0 -j DROP

An even better solution would be to use something like grsecurity, which I am planning to tinker with in the near future.
Also came across the following DDoS mitigation solutions which may be of interest to you:
http://www.solutix.ch/cgi-bin/index.pl
http://forums.deftechgroup.com/showthread.php?t=825
_______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
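The two ideas in the message above, Peter's "insert a DROP rule and queue its removal with at" and the suggestion to give the interchange user sudo access to only a tightly constrained command, fit naturally into one small wrapper script. The script below is an added example written for this archive page; it is not code from the thread, from Peter, or from the Interchange project. The install path /usr/local/sbin/tmpban, the user name "interch", and the BAN_MINUTES and DRY_RUN variables are placeholders chosen here. The duplicate check with "iptables -C" needs iptables 1.4.11 or later.

```shell
#!/bin/sh
# tmpban: temporary per-host iptables block with automatic expiry.
# Added example for this thread, not code from the list or from Interchange.
# Assumptions: installed as /usr/local/sbin/tmpban and the web server user
# is called "interch"; both are placeholders.
#
# Suggested sudoers entry (the only thing the web user may run as root):
#   interch ALL=(root) NOPASSWD: /usr/local/sbin/tmpban
# The argument check lives here, in a fixed script, rather than in a sudoers
# wildcard pattern, because sudoers matches arguments with shell-style globs
# over the whole argument string, so a "*" can swallow extra arguments.

BAN_MINUTES="${BAN_MINUTES:-60}"

# Accept exactly one dotted-quad IPv4 host address.  Rejects the empty
# string, CIDR suffixes, hostnames, embedded options ("1.2.3.4 -j ACCEPT"),
# leading zeros, octets above 255, and 0.0.0.0.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$o" -le 255 ] || return 1
    done
    [ "$1$2$3$4" != "0000" ]
}

# Block $1 now and queue the matching delete for BAN_MINUTES from now.
# The queued job is a one-off entry in atd's spool, not a lingering process:
# atd forks it once when it is due, so many bans do not pile up processes.
ban() {
    ip="$1"
    if ! valid_ipv4 "$ip"; then
        echo "tmpban: refusing to block '$ip' (need a single IPv4 host address)" >&2
        return 2
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        # Print what would run, so the logic can be exercised without root.
        echo "iptables -I INPUT -s $ip/32 -j DROP"
        echo "echo 'iptables -D INPUT -s $ip/32 -j DROP' | at now + $BAN_MINUTES minutes"
        return 0
    fi
    # -C exits 0 when an identical rule already exists.  Don't stack
    # duplicates: each later -D removes only one copy of the rule.
    if iptables -C INPUT -s "$ip/32" -j DROP 2>/dev/null; then
        echo "tmpban: $ip is already blocked" >&2
        return 0
    fi
    iptables -I INPUT -s "$ip/32" -j DROP || return 1
    # at runs the job as the queueing user, which is root under sudo.
    echo "iptables -D INPUT -s $ip/32 -j DROP" | at now + "$BAN_MINUTES" minutes
}

# Command-line entry point: tmpban <ipv4-address>
if [ "$#" -gt 0 ]; then
    ban "$1"
    exit $?
fi
```

From the application you would run "sudo /usr/local/sbin/tmpban 203.0.113.7" and nothing else, so the only thing the web user can influence is a single validated host address; the 0.0.0.0/0 case from the message above is refused before iptables is touched. Setting DRY_RUN=1 prints the two commands instead of running them, which is how the validation can be checked on a workstation. Note that a second ban of an address that is already blocked does not extend the original expiry; if that matters, delete and re-queue the at job instead of returning early.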