Our website delivers more than 100 million page vies each month and with this
popularity comes a lot of attacks. We've done fairly well using shorewall to
help keep this under control. In fact, the only open port is port 80 on these
machines.
Lately there appears to be worms being distributed where our servers happen to
be a target of attack. With this said, we're having problems with DOS attacks
on port 80 from hundreds if not thousands of ips all over the world. I'm not
sure if we can use something like rate limiting and pemanatelly drop the
visitors by ip because these users are unaware they are doing this (ie worms.
What I would like to do is temporarily drop these request for 24 hours. This
way we won't permanently drop the human visitor. Is there a way to do this?
_________________________________________________________________
The New Busy is not the old busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
