We have implemented and Red Team tested such a defense against TCP connection floods. The software is available open-source at http://apod.bbn.com/release/latest and documented at http://apod.bbn.com/release/latest/docs/quo/apod/docs/manual/pdf/ApodToolkit.pdf in section 3.9.

Michael

On Mon, Oct 28, 2002 at 12:49:35PM -0700, rwc@lanl.gov wrote:
> Is anyone working on the following modification to iptables?
>
> Dynamically watch for connections coming from any source IP address
> that exceeds a predefined number of connections per unit time. When seen, block all
> subsequent connections from that source for a predefined period of time or
> indefinitely. Currently, one can do this for specific predefined source IP
> addresses, but it would be good to have the ability to do this without
> having prior knowledge of the offending IP source.

--
matighet@bbn.com BBN Technologies
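The behaviour the quoted question asks for (count new connections per source over a time window, block the source for a fixed period or indefinitely once it passes a threshold, with no prior list of offending addresses) can be sketched in user space as a sliding-window counter. The following is an added illustration written for this reply; it is not code from the original thread, from the BBN APOD toolkit, or from iptables. The thresholds, the `RateBlocker` class, the `block_command` helper and the embedded connection log are constructed assumptions; a real deployment would feed it from a SYN log or a userspace queue and apply the generated rule.

```python
"""Per-source connection-rate detector with timed blocks.

Added example, not from the original post or the APOD toolkit. Thresholds and
the sample log below are constructed for illustration.
"""
from collections import defaultdict, deque


class RateBlocker:
    """Track new connections per source IP over a sliding window.

    A source is blocked once it makes more than `max_conns` connections within
    `window_s` seconds. The block lasts `block_s` seconds, or indefinitely when
    `block_s` is None.
    """

    def __init__(self, max_conns, window_s, block_s=None):
        self.max_conns = max_conns
        self.window_s = window_s
        self.block_s = block_s
        self._hits = defaultdict(deque)   # ip -> timestamps inside the window
        self._blocked_until = {}          # ip -> expiry time (inf = indefinite)

    def is_blocked(self, ip, now):
        """Return True while `ip` is blocked; expire and forget stale blocks."""
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            # Block expired: drop it and let the source start counting afresh.
            del self._blocked_until[ip]
            self._hits.pop(ip, None)
            return False
        return True

    def observe(self, ip, now):
        """Record one connection attempt from `ip` at time `now`.

        Returns 'DROP' if the source is already blocked, 'BLOCK' if this
        attempt tripped the threshold (the source is blocked from now on),
        otherwise 'ACCEPT'.
        """
        if self.is_blocked(ip, now):
            return "DROP"
        q = self._hits[ip]
        q.append(now)
        # Evict timestamps that have fallen out of the window (half-open).
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) > self.max_conns:
            self._blocked_until[ip] = (float("inf") if self.block_s is None
                                       else now + self.block_s)
            del self._hits[ip]
            return "BLOCK"
        return "ACCEPT"


def block_command(ip):
    """Render the iptables rule a daemon would run to enforce a block
    (assumed enforcement step; the detector itself does not execute it)."""
    return "iptables -I INPUT -s %s -p tcp --syn -j DROP" % ip


# Constructed sample log: "<timestamp> <source-ip>", one new TCP connection
# per line. 203.0.113.9 bursts 7 connections in 2.4 s; 198.51.100.7 is a
# normal client. Addresses are from documentation ranges.
SAMPLE_LOG = """\
0.0 203.0.113.9
0.2 198.51.100.7
0.4 203.0.113.9
0.8 203.0.113.9
1.2 203.0.113.9
1.6 203.0.113.9
2.0 203.0.113.9
2.4 203.0.113.9
5.0 198.51.100.7
9.0 198.51.100.7
30.0 203.0.113.9
75.0 203.0.113.9
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, ip) pairs."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip = line.split()
        records.append((float(ts), ip))
    return records


def run_sample(max_conns=5, window_s=10.0, block_s=60.0):
    """Replay SAMPLE_LOG through a RateBlocker and return the verdict list."""
    rb = RateBlocker(max_conns, window_s, block_s)
    return [rb.observe(ip, ts) for ts, ip in parse_log(SAMPLE_LOG)]


if __name__ == "__main__":
    for (ts, ip), verdict in zip(parse_log(SAMPLE_LOG), run_sample()):
        print("%6.1f %-14s %s" % (ts, ip, verdict))
        if verdict == "BLOCK":
            print("        would run:", block_command(ip))
```

With the constructed log and the assumed threshold of 5 connections per 10 seconds, the sixth connection from 203.0.113.9 at t=2.0 returns `BLOCK`, later attempts return `DROP` until the 60-second block expires, and the attempt at t=75 is accepted again; the normal client is never affected. A user-space loop like this reacts only after the fact; the same rate test can also be expressed inside the ruleset with the `recent` and `hashlimit` match modules of later iptables releases, which keep the per-source state in the kernel.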