Arthur Corliss wrote:

From what you're saying, then, that would only work for him if he knows the
IP/networks he's getting hit by ahead of time.  It doesn't sound like it would
prevent rate-limit connections from *any* IP address.  For that you'd really
need to keep track of simultaneous connects per IP.


Well, he originally said, "this one"... implying he knows specifically who...

Although, if he's being pummeled by random addresses, the ConnectRate, ClientConn and such would help him on a global scale.


In any case, I have a script I use for abusive stuff like that that's in TCL and can be modified for really any kind of abuse seen via the log files... It blackholes (null routes) the offender for any time the user wishes. Right now I only use it against SMTP RCPT_TO: floods where sendmail tosses out the log message with the IP and I blackhole it for a week.


 -Ben
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
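
The log-driven null-routing described in the message above, sketched as an added example (not part of the original post and not Ben's TCL script). It assumes sendmail logs the flood notice with the client as `name [ip]`, that the host uses Linux `ip route`, and it only returns the commands rather than running them; the function names, allow-list and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed log shape: sendmail's RCPT-flood notice, client shown as "name [ip]" (IPv4 only).
FLOOD_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]: Possible SMTP RCPT flood")
WEEK = 7 * 24 * 3600  # hold time in seconds; the post blackholes for a week

# Constructed sample lines using documentation addresses, not real log data.
SAMPLE_LOG = """\
Jan 10 03:14:07 mx sendmail[2101]: k0A3E7aa002101: host-a.example [192.0.2.10]: Possible SMTP RCPT flood, throttling.
Jan 10 03:14:09 mx sendmail[2101]: k0A3E7aa002101: host-a.example [192.0.2.10]: Possible SMTP RCPT flood, throttling.
Jan 10 03:15:00 mx sendmail[2107]: k0A3F0bb002107: from=<a@example.org>, size=812, nrcpts=1, relay=host-b.example [198.51.100.7]
Jan 10 03:16:30 mx sendmail[2110]: k0A3GUcc002110: [203.0.113.5]: Possible SMTP RCPT flood, throttling.
Jan 10 03:17:02 mx sendmail[2113]: k0A3H2dd002113: relay.internal [10.0.0.25]: Possible SMTP RCPT flood, throttling.
"""

def offenders(log_text, threshold=1, allow=("10.0.0.0/8", "127.0.0.0/8")):
    """Count flood notices per client IP, skipping allow-listed networks."""
    nets = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in log_text.splitlines():
        m = FLOOD_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address in the log line, e.g. an octet > 255
        if not any(ip in n for n in nets):
            hits[str(ip)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

def plan(log_text, now, active, hold=WEEK, **kw):
    """active maps ip -> expiry epoch; returns (commands to run, updated active)."""
    cmds, active = [], dict(active)
    for ip, expiry in list(active.items()):
        if expiry <= now:  # hold time elapsed: lift the null route
            cmds.append(f"ip route del blackhole {ip}/32")
            del active[ip]
    for ip in sorted(offenders(log_text, **kw)):
        if ip not in active:  # do not re-add a route that is already installed
            cmds.append(f"ip route add blackhole {ip}/32")
        active[ip] = now + hold  # a repeat offender has its hold extended
    return cmds, active
```

Persisting `active` between runs is what lets the hold time expire; the allow-list keeps an internal relay from being null-routed by its own log noise.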
