Hi all,

I'm trying to put together a rudimentary anti-DDoS rule in OSSEC and I
could use a hand. Basically, I'm looking to block anyone who
excessively hits a web server. This is what I have thus far:

  <rule id="131105" level="10" frequency="500" timeframe="60">
    <if_matched_sid>31100</if_matched_sid>
    <same_source_ip />
    <description>Excessive access, Temporary block</description>
  </rule>

This seems to be correct, but I can't get it to trigger with
ossec-logtest. Any tips?

Thanks,
--
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
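The counting that the rule in the post above asks for (a set number of hits from one source IP inside a 60-second window), as an added Python example that is not OSSEC's code and not part of the original post. The access-log parsing, the function names, the exact-threshold behaviour and the sample lines are assumptions constructed for illustration; OSSEC's own thresholding may differ in detail.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/NCSA access-log prefix: source IP and bracketed timestamp (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_excessive_sources(lines, frequency=500, timeframe=60):
    """Return {ip: time of first alert} for sources with at least
    `frequency` hits inside any `timeframe`-second sliding window.
    Lines from one IP are expected in time order, as in a log file."""
    window = timedelta(seconds=timeframe)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    alerts = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # not an access-log line; skip it
        try:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        except ValueError:
            continue              # malformed timestamp; skip it
        ip = m.group("ip")
        hits = recent[ip]
        hits.append(ts)
        # Drop hits that fell out of the window ending at this event.
        while ts - hits[0] >= window:
            hits.popleft()
        if len(hits) >= frequency and ip not in alerts:
            alerts[ip] = ts
    return alerts


def make_sample(ip, count, spacing_ms, start="10/Jun/2011:12:00:00 +0000"):
    """Constructed sample data: `count` GET lines from `ip`, evenly spaced."""
    t0 = datetime.strptime(start, TS_FORMAT)
    out = []
    for i in range(count):
        ts = (t0 + timedelta(milliseconds=i * spacing_ms)).strftime(TS_FORMAT)
        out.append(f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512')
    return out
```

Running a captured access log through `find_excessive_sources` shows whether any single source in it reaches the threshold at all, which separates "the sample never crosses 500 hits in 60 seconds" from a problem in the rule itself.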