Detecting a DOS attack on my iptables firewall
From: Jeff Franks (jfranks1970_at_charter.net)
Date: 12/13/04
- Next message: jsuthan: "Help with my LIDS"
- Previous message: Lensman: "Re: shadow file"
- Next in thread: Tim Haynes: "Re: Detecting a DOS attack on my iptables firewall"
- Reply: Tim Haynes: "Re: Detecting a DOS attack on my iptables firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 Dec 2004 10:45:51 -0600
Thanks for all the help on my previous issues. I'm finding that this
IPTABLES firewall rocks! VERY configurable and customizable.
I am having occasional trouble with a person (or persons) trying to shutdown
my game server by flooding the game port with packets. I can pull up the
ip_conntrack file and determine who it is. Then I can drop all incoming
traffic from that IP or subnet. It works great.
Is there a method that I can use to determine when I am being flooded? It
manually takes me about 10 minutes to determine what IP/Range I need to
block. I am hoping I can find a method to run a script every minute or so
that checks the port and autoblocks if it determines there is a problem.
Ideas?
thanks again,
jf
- Next message: jsuthan: "Help with my LIDS"
- Previous message: Lensman: "Re: shadow file"
- Next in thread: Tim Haynes: "Re: Detecting a DOS attack on my iptables firewall"
- Reply: Tim Haynes: "Re: Detecting a DOS attack on my iptables firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
