Why did you answer my question with a question totally unrelated to the issue I posted? You should start a new thread.
It depends on what server you're running; if it's a Linux box then you can use IPchains. An OSSEC server should be at least located inside your DMZ if not your internal network. Filter the traffic at the firewall and you should be good. If it's coming from inside then your issue is greater than your OSSEC server getting hit; you have a serious breach of security from within. If your OSSEC server is on a segment accessible from a wireless AP then take it off that segment or lock the wireless portion down. A wireless segment should always be locked down for company use and should never even be in a DMZ or local LAN if it's being shared publicly. Create a separate segment for it that allows no access within your network. Of course I'm making a lot of guesses here because you have very little to go off of other than your server is getting DDOS'd.

On Mar 18, 5:03 am, "D.M" <[email protected]> wrote:
> We are getting DDOS'ed on port 8383 of our server. Can anyone tell us in
> which file we have to add the rule so if there are more than 100 connections
> in 1 hour the IP is blocked for 6 hours?
>
> Regards,
> DM
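
The threshold asked about in the quoted question (more than 100 connections in 1 hour, then a 6-hour block), written out as an added example that is not part of the thread and is not OSSEC or firewall configuration. The names `ConnLimiter` and `replay`, the `epoch src_ip dst_port` log format and the sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque

PORT = 8383            # port named in the question
MAX_CONNS = 100        # connections allowed per source within one window
WINDOW = 3600          # 1 hour, in seconds
BLOCK_FOR = 6 * 3600   # 6 hours, in seconds

class ConnLimiter:
    """Sliding-window connection counter with timed blocks, per source IP."""

    def __init__(self, max_conns=MAX_CONNS, window=WINDOW, block_for=BLOCK_FOR):
        self.max_conns, self.window, self.block_for = max_conns, window, block_for
        self.seen = defaultdict(deque)   # ip -> timestamps of recent connections
        self.blocked_until = {}          # ip -> time at which its block expires

    def observe(self, ts, ip):
        """Record one new connection; return 'blocked', 'block' or 'allow'."""
        if self.blocked_until.get(ip, 0) > ts:
            return "blocked"                  # block still in force
        self.blocked_until.pop(ip, None)      # forget an expired block
        q = self.seen[ip]
        q.append(ts)
        while q and q[0] <= ts - self.window:
            q.popleft()                       # older than the window
        if len(q) > self.max_conns:
            self.blocked_until[ip] = ts + self.block_for
            q.clear()                         # count afresh once the block ends
            return "block"
        return "allow"

def replay(lines, limiter=None):
    """Feed 'epoch src_ip dst_port' lines through the limiter; return new blocks."""
    limiter = limiter or ConnLimiter()
    events = []
    for line in lines:
        ts, ip, port = line.split()
        if int(port) == PORT and limiter.observe(int(ts), ip) == "block":
            events.append((ip, int(ts), int(ts) + limiter.block_for))
    return events

# Constructed sample: 198.51.100.7 connects every 30 s, 192.0.2.10 every 10 min.
SAMPLE = [f"{t} 198.51.100.7 8383" for t in range(0, 6000, 30)]
SAMPLE += [f"{t} 192.0.2.10 8383" for t in range(0, 6000, 600)]
SAMPLE.sort(key=lambda line: int(line.split()[0]))

if __name__ == "__main__":
    for ip, at, until in replay(SAMPLE):
        print(f"block {ip} at t={at}s, release at t={until}s")
```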
