> I have a script I run that adds bad servers to my ipfw tables (this on
> freebsd) my server that is set to gigabit is currently blocking 82 IPs.
> If they stop trying to talk to me for more than an hour it unblocks them.

I'm on a Linux box, but some experimentation with iptables finally did the trick. I initially tried dropping connections, which almost seemed to _increase_ the rate of queries. I suspect it's the same flawed logic as in the Netgear / University of Wisconsin fiasco, where, when the client doesn't get a response, it increases the query rate, rather than backing off. A "DROP" with iptables, then, doesn't help anything.
I learned today that iptables lets you send an "icmp-host-unreachable." Thus I blocked the guy with:

sudo iptables -A INPUT -p udp -s 200.203.122.235 --dport 123 -j REJECT --reject-with icmp-host-unreachable

It seemed like he went away for a while, but I'm getting them again.

In case anyone else hadn't realized it... "sudo tcpdump -n port 123" will show you all connections on port 123. The -n flag keeps it from resolving hostnames. (One IP was mapped to the "name" 192.168.1.1, which left me scratching my head for a bit.)

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
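The approach the post describes (watch port 123 with tcpdump, then REJECT the noisy client with icmp-host-unreachable instead of DROP) as an added example that is not part of the original message: it counts NTP client queries per source in a constructed sample of "tcpdump -n" output and prints, rather than applies, a REJECT rule for each source above a threshold. The sample lines, the threshold and the function names are assumptions; NTP is UDP, so the rule matches udp/123.

```shell
#!/bin/sh
# Added example, not from the original post. Finds NTP clients that query
# more often than a threshold and prints iptables REJECT rules for them.

# Constructed sample of "tcpdump -n udp port 123" output (not a real capture).
SAMPLE='12:00:01.000000 IP 203.0.113.7.123 > 198.51.100.2.123: NTPv4, Client, length 48
12:00:01.500000 IP 203.0.113.7.123 > 198.51.100.2.123: NTPv4, Client, length 48
12:00:02.000000 IP 203.0.113.7.123 > 198.51.100.2.123: NTPv4, Client, length 48
12:00:03.000000 IP 192.0.2.9.123 > 198.51.100.2.123: NTPv4, Client, length 48
12:00:05.000000 IP 198.51.100.2.123 > 192.0.2.9.123: NTPv4, Server, length 48'

# abusive_ntp_clients THRESHOLD  (tcpdump lines on stdin)
# Prints each source IP that sent more than THRESHOLD client queries to port 123.
abusive_ntp_clients() {
    awk -v limit="$1" '
        # Count only client requests whose destination port is 123.
        $2 == "IP" && /Client/ && $5 ~ /\.123:$/ {
            src = $3
            sub(/\.[0-9]+$/, "", src)   # strip the trailing source port
            count[src]++
        }
        END { for (ip in count) if (count[ip] > limit) print ip }
    ' | sort
}

# reject_rules THRESHOLD  (tcpdump lines on stdin)
# Emits one rule per abusive source. REJECT with icmp-host-unreachable answers
# the client instead of silently dropping, which the post found made clients
# retry harder. Rules are printed for review, not applied.
reject_rules() {
    abusive_ntp_clients "$1" | while read -r ip; do
        printf 'iptables -A INPUT -p udp -s %s --dport 123 -j REJECT --reject-with icmp-host-unreachable\n' "$ip"
    done
}

# Usage: sources with more than 2 queries in the sample get a rule.
printf '%s\n' "$SAMPLE" | reject_rules 2
```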
