assuming the set of attacker IPs is finite. could you keep a running log of IPs discard duplicates and add it to a block list for the duration of the attack?

On Tue, Sep 30, 2008 at 4:07 PM, Chuck Anderson <cra@wpi.edu> wrote:

On Tue, Sep 30, 2008 at 03:54:52PM -0400, Alex Camilo wrote:
> <clueless_newbie>just out of curiosity.
> Could this be an attack from some sort of botnet? would that explain the
> different IPs?

Yes

> or is he forging packets?
> </clueless_newbie>

Unlikely

_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug