Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Nächste Überarbeitung | Vorhergehende Überarbeitung Letzte Überarbeitung Beide Seiten der Revision | ||
dapnetnodeconnectionratelimit [2018/06/26 20:55] dh3wr angelegt |
dapnetnodeconnectionratelimit [2018/06/26 20:58] dh3wr [Countermeasures and Connection Rate Limiting] |
||
---|---|---|---|
Zeile 7: | Zeile 7: | ||
In order to block maschines like this, the firewall at db0sda has been set up in a way, that if either | In order to block maschines like this, the firewall at db0sda has been set up in a way, that if either | ||
* There are more then 5 new TCP connections/minute from the same source IP to Port 43434 on dapnet.afu.rwth-aachen.de | * There are more then 5 new TCP connections/minute from the same source IP to Port 43434 on dapnet.afu.rwth-aachen.de | ||
- | * Or the first 2 kB for the traffic contain a string like //[UniPager-C9000 v.0.6.0 ]// (RegEx: | + | * Or the first 2 kB for the traffic contain a string like //[UniPager-C9000 v.0.6.0 ]// |
- | \[UniPager-.+\ v[0-9]+\.[0-9]+\.[0-9]\ \ \]) | + | <code>(RegEx: \[UniPager-.+\ v[0-9]+\.[0-9]+\.[0-9]\ \ \])</code> |
+ | |||
+ | then the source IP is added for 10 minutes to a list of blocked IPs. | ||
+ | |||
+ | With this approach, we should be also more save against possible DOS attacks. | ||