> This is a standard rule in OpenBSD (they also have one for DNS type > attacks too). I've looked at the OBSD one (written in perl) and its > fairly easy to craft. You could script this by having a program scan > the info logs every minute using a grep,cut,sort, uniq and then when > the value exceeds so many in a minute put the associated IP into a > file that is used by your IPTables to deny access via port 25. When > it updates the file it will also need to re-init IPTables. > > I'll bet you have it done in just under an hour! > > Jon
i'll take that bet :-) -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
