On Wed, 05 Jan 2005 at 15:44, Benjamin Bostow wrote:
> I have a gateway that directs all internal web traffic to my website.
> The site makes use of extensive DB calls. When someone with a virus
> that connects to port 80 plugs in behind the gateway the DB goes to
> 100% CPU usage. I am trying to limit this and try to filter out virus
> traffic from browser/user traffic. I was thinking I could use kinda the
> same rule as I have for preventing ping attacks but it doesn't seem to
> work. I have tried using "iptables -t nat -I PREROUTING 1 -p tcp -m tcp
> --dport 80 -m limit --limit 5/s --limit-burst 10 -j redirection_chain".
> It seems that all traffic no matter how great still goes to my
> webserver. Also, is there a way to drop packets over a certain amount
> per time from one user?
>
> Benjamin

Maybe an IPS like snort with the bleeding-rules can be useful to drop
some of this traffic.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
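Added example, not part of the original thread or either poster's code: a Python model of the token bucket behind `-m limit --limit 5/s --limit-burst 10` from the quoted rule, compared with one bucket per source address, which is what the last sentence of the question asks for. The host addresses and the traffic pattern are constructed, and each event stands for one new connection, since the nat table is only consulted for the first packet of a connection.

```python
from collections import defaultdict

# Values from the quoted rule, in integer units (1 packet = 1000 units)
# so the arithmetic is exact.
COST = 1000
REFILL_PER_MS = 5          # --limit 5/s  -> 5 packets per 1000 ms
CAPACITY = 10 * COST       # --limit-burst 10


class TokenBucket:
    """Simplified model of the limit match: it matches while tokens remain."""

    def __init__(self):
        self.tokens = CAPACITY
        self.last_ms = 0

    def matches(self, now_ms):
        refill = (now_ms - self.last_ms) * REFILL_PER_MS
        self.tokens = min(CAPACITY, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= COST:
            self.tokens -= COST
            return True
        return False


def simulate(events, per_source):
    """events: (time_ms, source) per new connection.
    Returns {source: (matched, unmatched)}.

    A connection that does not match is not dropped by the limit match
    itself; it simply continues to the next rule in the chain.
    """
    shared = TokenBucket()
    buckets = defaultdict(TokenBucket)
    counts = defaultdict(lambda: [0, 0])
    for now_ms, src in sorted(events):
        bucket = buckets[src] if per_source else shared
        counts[src][0 if bucket.matches(now_ms) else 1] += 1
    return {src: tuple(c) for src, c in counts.items()}


def sample_events():
    """Constructed traffic over 2 s: a noisy host (100 conn/s), a browser (2 conn/s)."""
    noisy = [(t, "10.0.0.66") for t in range(0, 2000, 10)]
    browser = [(t, "10.0.0.5") for t in (255, 755, 1255, 1755)]
    return noisy + browser


if __name__ == "__main__":
    for per_source in (False, True):
        label = "per-source buckets" if per_source else "one shared bucket"
        print(label, simulate(sample_events(), per_source))
```

With one shared bucket the noisy host consumes the whole budget and the browser never matches; with a bucket per source the browser always matches while the noisy host is held to the configured rate. iptables' `hashlimit` match keeps per-source buckets of this kind.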