Benutzer-Werkzeuge
dapnetnodeconnectionratelimit
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
|
dapnetnodeconnectionratelimit [2018/06/26 20:55] dh3wr angelegt |
dapnetnodeconnectionratelimit [2018/06/26 20:59] (aktuell) dh3wr [Countermeasures and Connection Rate Limiting] |
||
|---|---|---|---|
| Zeile 5: | Zeile 5: | ||
| ===== Countermeasures and Connection Rate Limiting ===== | ===== Countermeasures and Connection Rate Limiting ===== | ||
| - | In order to block maschines like this, the firewall at db0sda has been set up in a way, that if either | + | In order to block maschines like these, the firewall at db0sda has been set up in a way, that if either |
| - | * There are more then 5 new TCP connections/minute from the same source IP to Port 43434 on dapnet.afu.rwth-aachen.de | + | * There are more than 5 new TCP connections/minute from the same source IP to Port 43434 on dapnet.afu.rwth-aachen.de |
| - | * Or the first 2 kB for the traffic contain a string like //[UniPager-C9000 v.0.6.0 ]// (RegEx: | + | * Or the first 2 kB for the traffic contain a string like //[UniPager-C9000 v.0.6.0 ]//, |
| - | \[UniPager-.+\ v[0-9]+\.[0-9]+\.[0-9]\ \ \]) | + | <code>(RegEx: \[UniPager-.+\ v[0-9]+\.[0-9]+\.[0-9]\ \ \])</code> |
| + | |||
| + | then the source IP is added for 10 minutes to a list of blocked IPs. | ||
| + | |||
| + | With this approach, we should be also more save against possible DOS attacks. | ||
dapnetnodeconnectionratelimit.1530039338.txt.gz · Zuletzt geändert: 2018/06/26 20:55 von dh3wr
Seiten-Werkzeuge
Falls nicht anders bezeichnet, ist der Inhalt dieses Wikis unter der folgenden Lizenz veröffentlicht: CC Attribution-Share Alike 4.0 International
