Yes, a Snort rule could do this, provided you attached some 3rd party app to it that'll handle dispatching fw rules, and if we're to match something in the content field, like a username.
OTOH, it would be crude, but if you can trace 'em back, to just deny usage to their netblock?..
Anyway, some more info on how you handle board logins, how it was flooded, what IP addresses they're supposed to be from, if it's spoofed, etc. etc. would be welcome.