Modification to iptables (block IP addresses)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We have implemented and Red Team tested such a defense against TCP
connection floods. The software is available open-source at 
http://apod.bbn.com/release/latest
and documented at
http://apod.bbn.com/release/latest/docs/quo/apod/docs/manual/pdf/ApodToolkit.pdf
in section 3.9

Michael

On Mon, Oct 28, 2002 at 12:49:35PM -0700, rwc@lanl.gov wrote:
> Is anyone working on the following modification to iptables?
> 
> Dynamically watch for connections coming from any source IP addresses
> that exceeds a
> predefined number of connections per unit time.  When seen, block all
> subsequent connections from that source for a predefined period of time
> or
> indefinitely.  Currently, one can do this for specific predefined source
> IP
> addresses, but it would be good to have the ability to do this without
> having prior knowledge of the offending IP source.
> 
> 
> 
> 

-- 
matighet@bbn.com   BBN Technologies



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux