Alex Camilo wrote:
assuming the set of attacker IPs is finite. could you keep a running log of IPs discard duplicates and add it to a block list for the duration of the attack?
On Tue, Sep 30, 2008 at 4:07 PM, Chuck Anderson <cra@wpi.edu <mailto:cra@wpi.edu>> wrote:
On Tue, Sep 30, 2008 at 03:54:52PM -0400, Alex Camilo wrote: > <clueless_newbie>just out of curiosity. > Could this be an attack from some sort of botnet? would that explain the > different IPs?
Yes
> or is he forging packets? > </clueless_newbie>
Unlikely _______________________________________________ Wlug mailing list Wlug@mail.wlug.org <mailto:Wlug@mail.wlug.org> http://mail.wlug.org/mailman/listinfo/wlug
------------------------------------------------------------------------
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug I forgot to mention that the box is also a webserver that clients log into, so blocking IPs (other than ssh) may keep people from accessing a website...It's moving slowly also, (s)he is on ajs right now, as opposed to ach when I sent the original email...
-- Eric Martin Key fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F