discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Jeff Taylor <shdwdrgn AT sourpuss.net>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] Killed an IP due to excessive usage
- Date: Tue, 28 Dec 2010 21:30:00 -0700
- List-archive: <http://lists.darkdna.net/pipermail/discuss>
- List-id: <discuss.lists.opennicproject.org>
Yeah Julian recommended that as well... I've added the TCP rule, just waiting to see the results. I would assume with these rules in place, I should not see more than 40 queries/sec from any single IP.
On 12/28/2010 09:01 PM, Christopher wrote:
Have you tried adding a second rule for TCP connections? Usually
they're not used, but if it's some sort of botnet it may be configured
to try both to increase its chances of success. This would also cause
higher bandwidth usage. Of course, this assumes the server accepts TCP
connections.
On Tue, Dec 28, 2010 at 10:51 PM, Jeff Taylor<shdwdrgn AT sourpuss.net> wrote:
iptables -A INPUT -p udp --dport 53 -m limit --limit 20/s --limit-burst 40 -j...
DROP
Now I say this rule 'should' limit traffic, because as I type this I am_______________________________________________
seeing another wave coming through from two IP's that prompted my blocks
earlier today. Apparently the rule is not doing what I expect as my
bandwidth jumped from about 10Kb/s to over 1800Kb/s (two IP addresses
slamming me with about 16,000 queries in 3 minutes). So again, if someone
else has more experience with iptables, I've love to see a proper rule for
this situation.
discuss mailing list
discuss AT lists.opennicproject.org
http://lists.darkdna.net/mailman/listinfo/discuss
- [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/24/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Dean Gardiner, 12/24/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/25/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Günter Grodotzki, 12/25/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/25/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Günter Grodotzki, 12/25/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/25/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Christopher, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Larry Brower, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Julian De Marchi, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Julian De Marchi, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Larry Brower, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Julian De Marchi, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/29/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/29/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/29/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Dustin, 12/29/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/29/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Dustin, 12/29/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Christopher, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Dean Gardiner, 12/24/2010
Archive powered by MHonArc 2.6.19.