
On 06/08/2011 02:38 PM, Jason 'XenoPhage' Frisvold wrote:
> Hi all,
> 
>       I'm trying to put together a rudimentary anti-DDoS rule in OSSEC and I
> could use a hand ..  Basically, I'm looking to block anyone who
> excessively hits a web server.  This is what I have thus far :
> 
> <rule id="131105" level="10" frequency="500" timeframe="60">
>    <if_matched_sid>31100</if_matched_sid>
>    <same_source_ip />
>    <description>Excessive access, Temporary block</description>
> </rule>
> 
> This seems to be correct, but I can't get it to trigger with
> ossec-logtest ..  Any tips?

Am I approaching this the wrong way?  Anyone have suggestions on how to
handle this?

-- 
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
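
An offline way to check whether a test log actually contains enough hits to satisfy the thresholds in the quoted rule (500 events from one source IP inside 60 seconds), as an added example that is not part of the original post and is not OSSEC's own code. It assumes Apache-style access log lines and a plain sliding window keyed on source IP; the function names and the sample addresses and log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Thresholds copied from the quoted rule; everything else here is an assumption.
FREQUENCY = 500   # hits from one source IP
TIMEFRAME = 60    # seconds

# Apache common/combined log prefix: source IP, ident, user, [timestamp].
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def excessive_sources(lines, frequency=FREQUENCY, timeframe=TIMEFRAME):
    """Return (ip, time) each time an IP reaches `frequency` hits in `timeframe` s."""
    window = defaultdict(deque)   # per-IP timestamps still inside the window
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not an access-log line; ignore it
        ip, ts = m.group(1), datetime.strptime(m.group(2), TS_FORMAT)
        hits = window[ip]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > timeframe:
            hits.popleft()        # drop hits older than the timeframe
        if len(hits) >= frequency:
            alerts.append((ip, ts))
            hits.clear()          # start counting again after an alert
    return alerts

def sample_lines():
    """Constructed log: one fast source (20 req/s), one slow source (1 req/s)."""
    start = datetime(2011, 6, 8, 14, 0, 0, tzinfo=timezone.utc)
    events = [(start + timedelta(seconds=i // 20), "192.0.2.10") for i in range(600)]
    events += [(start + timedelta(seconds=i), "198.51.100.7") for i in range(600)]
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{ts.strftime(TS_FORMAT)}] "GET / HTTP/1.1" 200 512'
            for ts, ip in events]

if __name__ == "__main__":
    for ip, ts in excessive_sources(sample_lines()):
        print(f"{ts.isoformat()} excessive access from {ip}")
```

Both constructed sources send 600 requests, but only the one that packs them into 30 seconds crosses the threshold; the one-per-second source never has more than 61 hits inside any 60-second window.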
