[ic] IC not responding
John1
list_subscriber at yahoo.co.uk
Thu Nov 17 13:55:11 EST 2005
On Thursday, November 17, 2005 2:56 PM, sandy at scotwebshops.com wrote:
> Peter wrote:
>
>> Try something like (off the top of my head, untested):
>>
>> iptables -I INPUT -s %s -j DROP; echo 'iptables -D INPUT -s %s -j
>> DROP' | at now + 1 hours
>
>
> That's pretty neat, I have never heard of the at command. Surely if
> you were being hammered by multiple IPs, that would leave loads of at
> processes hanging around?
>
"atd" is a daemon like "crond", so I presume that atd manages all the "at
now + 1 hour" requests.
> On another note I don't think you should let interchange have clear
> access to iptables for fairly obvious reasons, you can configure sudo
> to allow access to a command with limited arguments (i.e. something
> like iptables -I INPUT -s (\d*.\d*.\d*.\d*)/32 -j DROP; to limit
> access) so the interchange user can't do things like iptables -I
> INPUT -s 0.0.0.0/0 -j DROP. An even better solution would be to use
> something like grsecurity, which I am planning to tinker with in the
> near future.
>
I like the look of mod_evasive that you pointed out, but won't have chance
to try it for some months.
Also came across the following DDoS mitigation solutions which may be of
interest to you:
http://www.solutix.ch/cgi-bin/index.pl
http://forums.deftechgroup.com/showthread.php?t=825
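One way to combine the two suggestions above (the iptables + at one-liner, and giving the interchange user sudo access only to a command with constrained arguments), as an added example that is not code from this thread. It assumes a hypothetical wrapper path /usr/local/sbin/block_ip.sh and validates the address itself, so a caller limited to this script cannot pass 0.0.0.0/0 or anything other than a single IPv4 host:

```sh
#!/bin/sh
# Added example, not code from the thread: a wrapper around Peter's
# iptables + at one-liner that validates its arguments before touching the
# firewall.  Granting the interchange user sudo access to this script alone
# (hypothetical sudoers line below) keeps raw iptables out of its reach.
#   interchange ALL = (root) NOPASSWD: /usr/local/sbin/block_ip.sh

# Succeed only for a dotted quad with four octets, each 0..255.
validate_ipv4() {
    ip=$1
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit chars or empty octets
    esac
    n=0
    oldifs=$IFS; IFS=.
    for octet in $ip; do
        n=$((n + 1))
        [ "$octet" -le 255 ] || { IFS=$oldifs; return 1; }
    done
    IFS=$oldifs
    [ "$n" -eq 4 ]
}

# Insert a DROP for one host and queue its removal with at after $2 hours
# (default 1).  With DRY_RUN=1 the commands are printed instead of executed.
block_ip() {
    ip=${1:-}
    ttl=${2:-1}
    if ! validate_ipv4 "$ip"; then
        echo "block_ip: refusing '$ip': not a single IPv4 address" >&2
        return 2
    fi
    case $ttl in
        ''|*[!0-9]*) echo "block_ip: hours must be a whole number" >&2; return 2 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables -I INPUT -s %s/32 -j DROP\n' "$ip"
        printf "echo 'iptables -D INPUT -s %s/32 -j DROP' | at now + %s hours\n" "$ip" "$ttl"
        return 0
    fi
    iptables -I INPUT -s "$ip/32" -j DROP || return 1
    # atd holds the queued job; nothing stays resident until it fires.
    printf 'iptables -D INPUT -s %s/32 -j DROP\n' "$ip" | at now + "$ttl" hours
}
# Run as a command; when sourced (or under a test harness) only define the functions.
if [ "${0##*/}" = block_ip.sh ]; then
    block_ip "$@"
fi
```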