
Re: Denying connections



[Me!]
| Hi, 
| I wasn't sure if this is more of a Linux question than an ircd
| Q, so I decided to take my chances...  There is a domain that I want
| to deny access to all the ports that ircd runs on, the reason for
| this is simple, there is someone there that keeps sending clones to
| the server without delaying and the server gets slow when it has to
| deny that many clients so fast (I am upgrading the hw in a few days,
| so it might get better) and I would like to deny all connections
| from that host without ircd ever knowing that the connection attempt
| was made.  Does anyone have an idea on how I can do this?

I have (with some success) used the firewalling code in the Linux
kernel to do just this.  Check out the manual page for ipfwadm and
take a peek at the firewalling howto.

I have found it best just to drop packets from abusive sites rather
than reject (which results in an ECONNREFUSED) them so as to possibly
slow down the attack.

You might want to NOT log these failed connections if there are a lot
of them and if you have limited space for logs.

-Bjørn
-- 
 Bjørn Borud <borud@xxxxxxxxxxx>       | "The Net interprets censorship 
 <URL:http://www.pvv.unit.no/~borud/>  | as damage and routes around it."
 UNIX person, one of "them"            |         - John Gilmore
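
An added example, not part of the original message: a small shell helper that prints the ipfwadm input rules for the approach described in the reply (drop rather than reject, with no logging). The source network and port list are constructed sample values, and the helper name build_rules is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): print ipfwadm input-chain
# rules that block one source network from the ports ircd listens on.
# SRC_NET and IRC_PORTS are constructed sample values.
SRC_NET="192.0.2.0/24"        # documentation range standing in for the abusive site
IRC_PORTS="6665 6666 6667"    # assumed ircd listening ports

# build_rules POLICY NET PORT...
#   POLICY  deny   = drop the packet silently (the reply's recommendation)
#           reject = drop it and send an error back to the sender
# Prints one ipfwadm command per port. The -o flag (kernel logging of
# matching packets) is left out on purpose, so a flood does not fill the logs.
build_rules() {
    policy=$1; net=$2; shift 2
    case $policy in
        deny|reject) ;;
        *) echo "policy must be deny or reject" >&2; return 1 ;;
    esac
    # Accept only dotted-quad/mask characters in the source network.
    case $net in
        ''|*[!0-9./]*) echo "bad network: $net" >&2; return 1 ;;
    esac
    # Validate every port before printing anything, so output is all-or-nothing.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
    done
    for port in "$@"; do
        # -I input chain, -a append with policy, -P protocol,
        # -S source address/mask, -D destination address/mask and port
        echo "ipfwadm -I -a $policy -P tcp -S $net -D 0.0.0.0/0 $port"
    done
}

# Dry run: show the rules that would be installed.
build_rules deny "$SRC_NET" $IRC_PORTS
```

Review the printed rules, then run them as root on the host that has ipfwadm.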