On Fri, 16 Aug 2002, Brad wrote: > Heh, yer I know what you mean, I just want to be able to drop DoS attackers > straight into the firewall. I suppose another alternative would be to write > a C program than can gain then drop root privs at it needs them, accepting > only the passed in IP to construct the predefined rule, then only allowing > apache to run the program? > > Thanks Mad Scientist, your suggestion works fine, I've just got to decide if > the security risk is worth it. The DoS attacks that this script stops have > recently been totally taking my production system down. > > Brad. >
Brad, you could also check into Honeyport. that actually sounds more like what you'd need to take care of those rotten buggers. hang on to those connections till you're damn good and ready to let'em go. tie up "their" resources for a few days and see of those damn script kiddies don't leave you alone then. <evil grin> -- daRmaTTeR Reg. Linux User #186492 "Stupidity has no moral high ground...it can't see that high!"
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
