
Re: another seeming attack on my server's DirPort

The symptom, like the last time, was that output rate on my
machine's main Ethernet interface was running steadily around the transmit
rate limit imposed by my ADSL line.
Tweak as desired ... this would permit 1 connection per minute from a given IP. Replace (torDirPort) with whatever TCP port you're serving the DirPort on.

# The --update checks run before --set/ACCEPT: with the --set rule first, every
# NEW connection was ACCEPTed before the limit below could ever match it.
iptables -A INPUT -p tcp --dport (torDirPort) -m state --state NEW -m recent --update --seconds 60 --hitcount 1 --rttl --name TORdir -j LOG --log-prefix "TORdir flood "
iptables -A INPUT -p tcp --dport (torDirPort) -m state --state NEW -m recent --update --seconds 60 --hitcount 1 --rttl --name TORdir -j DROP
iptables -A INPUT -p tcp --dport (torDirPort) -m state --state NEW -m recent --set --name TORdir -j ACCEPT

(adapted from an SSH brute-force mitigation rule that does a similar thing.)

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
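
An added illustration, not part of the post above and not the kernel's xt_recent code: a small Python model of the `recent` module's --set / --update / --seconds / --hitcount semantics, run over constructed SYN timestamps from a flooding source and a normal client, to show why the --update rules have to sit before the --set/ACCEPT rule. It assumes only NEW packets reach these rules (i.e. an earlier ESTABLISHED,RELATED ACCEPT rule in the chain), treats a packet matching none of them as accepted further down the chain, and ignores --rttl; the names `RecentList`, `run_chain` and `simulate` are the model's own.

```python
"""Model of the iptables 'recent' module as used by the DirPort rules.

Not the kernel's xt_recent implementation: it reproduces only the --set /
--update / --seconds / --hitcount behaviour needed to compare the posted
rule order with the corrected one.  --rttl is ignored.  All packets below
are constructed sample data.
"""
from collections import defaultdict, deque

WINDOW = 60     # --seconds 60
HITCOUNT = 1    # --hitcount 1


class RecentList:
    """One named list (here 'TORdir'): source address -> hit timestamps."""

    def __init__(self, depth=20):
        self.hits = defaultdict(lambda: deque(maxlen=depth))

    def set(self, src, now):
        """--set: add or refresh src and record a hit at time `now`."""
        self.hits[src].append(now)

    def update(self, src, now, seconds=WINDOW, hitcount=HITCOUNT):
        """--update: match if src is listed with >= hitcount hits in the last
        `seconds`.  A match also records a new hit, so a source that keeps
        retrying keeps extending its own block."""
        if src not in self.hits:
            return False
        in_window = sum(1 for t in self.hits[src] if now - t <= seconds)
        if in_window >= hitcount:
            self.hits[src].append(now)
            return True
        return False


def run_chain(rules, lst, src, now, logbook):
    """Evaluate an ordered rule list against one NEW SYN from src.

    rules: list of (match, target); match is 'set' or 'update', target is
    'ACCEPT' or 'DROP' (terminating) or 'LOG' (records a line, continues).
    A packet matching no rule is assumed accepted further down the chain.
    """
    for match, target in rules:
        if match == "set":
            lst.set(src, now)
            matched = True
        else:
            matched = lst.update(src, now)
        if not matched:
            continue
        if target == "LOG":
            logbook.append(f"t={now:>3}s TORdir flood SRC={src}")
        elif target in ("ACCEPT", "DROP"):
            return target
    return "ACCEPT"


# The two rule orders, NEW packets only.
AS_POSTED = [("set", "ACCEPT"), ("update", "LOG"), ("update", "DROP")]
CORRECTED = [("update", "LOG"), ("update", "DROP"), ("set", "ACCEPT")]

# Constructed traffic: a flooder re-opening the DirPort every 5 s, then
# pausing and retrying; a normal client that reconnects after two minutes.
SYNS = [(0, "flooder"), (0, "client"), (5, "flooder"), (10, "flooder"),
        (75, "flooder"), (120, "client")]


def simulate(rules, syns=SYNS):
    """Run every SYN through `rules`; return (verdicts, log lines)."""
    lst, logbook = RecentList(), []
    verdicts = [run_chain(rules, lst, src, t, logbook) for t, src in syns]
    return verdicts, logbook


if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        verdicts, logbook = simulate(rules)
        print(name, list(zip(SYNS, verdicts)), logbook)
```

With the posted order every SYN is ACCEPTed by the --set rule and nothing is ever logged or dropped; with the corrected order the flooder's second and third SYNs are logged and dropped, its retry at 75 s is allowed only because 65 s have passed since its last attempt (each blocked attempt refreshed the timestamp), and the normal client's reconnect at 120 s is unaffected.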