Re: another seeming attack on my server's DirPort
On Wed, 19 Dec 2007 09:11:02 -0500 Michael Holstein
<michael.holstein@xxxxxxxxxxx> wrote:
>> The symptom, like the last time, was that output rate on my
>> machine's main Ethernet interface was running steadily around the transmit
>> rate limit imposed by my ADSL line.
>tweak as desired ... this would permit 1 connection per minute from a
>given IP. Replace (torDirPort) with whatever TCP port you're serving the
>DIR on.
>
># Rate-limit rules must run before the accepting --set rule; with ACCEPT first, no new connection ever reaches them.
>iptables -A INPUT -p tcp --dport (torDirPort) -m state --state NEW -m recent --update --seconds 60 --hitcount 1 --rttl --name TORdir -j LOG --log-prefix "TORdir flood "
>iptables -A INPUT -p tcp --dport (torDirPort) -m state --state NEW -m recent --update --seconds 60 --hitcount 1 --rttl --name TORdir -j DROP
>iptables -A INPUT -p tcp --dport (torDirPort) -m state --state NEW -m recent --set --name TORdir -j ACCEPT
>
>(adapted from an SSH bruteforce mitigation rule to do a similar thing.)
>
Thanks, but I'm using pf under FreeBSD 6.3-PRERELEASE. At present, I'm
blocking *all* inbound packets at the router from the two offenders noticed so
far. I'm not really doing much with pf at the moment, but I intend to whenever
I get around to setting up a particular tor configuration that will need some
redirection to work right.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
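For a pf-based host like the one described in the reply above, the same "one new DirPort connection per minute per source" limit can be expressed with pf's state-tracking options instead of iptables' recent module. The following pf.conf fragment is an added example and is not from either poster; the interface name (em0), the DirPort number (9030) and the table name are assumptions to be adjusted to the local setup.

```pf
# Added example, not from the thread. Assumed values: em0 is the external
# interface, 9030 is the TCP port the relay serves its directory on.
ext_if = "em0"
tor_dirport = "9030"

# Source addresses that exceed the connection rate are collected here.
# "persist" keeps the table even while no rule references it.
table <dirport_abusers> persist

# Drop all inbound traffic from addresses already in the table.
# "quick" makes this rule final, so the pass rule below is not consulted.
block in quick on $ext_if from <dirport_abusers>

# Allow new DirPort connections but track them per source address:
# more than 1 new connection in 60 seconds from one address adds it to the
# table, and "flush global" tears down that address's existing states.
pass in on $ext_if proto tcp to ($ext_if) port $tor_dirport \
    flags S/SA keep state \
    (max-src-conn-rate 1/60, overload <dirport_abusers> flush global)
```

Load it with `pfctl -f /etc/pf.conf`, inspect the offenders with `pfctl -t dirport_abusers -T show`, and age entries out with `pfctl -t dirport_abusers -T expire 3600` (entries older than 3600 seconds are removed), for example from a periodic cron job, so a legitimate client that tripped the limit once is not blocked forever.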