RE: limiting connections per ip address in apache2whenunder attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I, for one, don't , either.

The thing is, if the IP changes too much, blocking on an IP-to-know basis
can generate too many rules.
Blocking the subnet is easier, but tougher on the innocent.

In this case, what DNSSTUFF says is that the IP is the range 88 to 95, which
means that you can block 
218.4.152.88 netmask 255.255.255.248 
or 
218.4.152.88 / 29 (slash notation)

That's what I meant to say.


Luis



-----Original Message-----
From: jslive@xxxxxxxxx [mailto:jslive@xxxxxxxxx] On Behalf Of Joshua Slive
Sent: quinta-feira, 21 de Junho de 2007 14:36
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  limiting connections per ip address in
apache2whenunder attack

On 6/21/07, Luis Moreira (ESI-GSQP) <luis.moreira@xxxxxx> wrote:
> This is not an "Apache answer", but it may help you.
>
> Do the IPs vary too much, or can you set up a firewall rule to block
> incoming requests (any requests) from those IP ?
> Sort of your own very personal "black list"?
> Of course, should that address decide to post a legitimate request, it
would
> get blocked but hey, who told them to mess up the first time?
>
> On the other hand, on http://www.dnsstuff.com/ you can find info on IP
> addresses on the net.
> Who and were they are, if they belong to spam lists, etc

But of course, you probably don't want to play whack-a-mole with these
IP addresses.

What I'd suggest is implementing the per-IP connection rule in your
firewall. I don't know anything about ubuntu's firewall package, but
most of them can do this.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux