Quote:
1) I was wondering whether or not there is a way to restrict how many websites a user or IP can get per minute.
Linux was built with the system administrator in mind, not with the accountant. Therefore:
-Use iptables
-Create a custom chain which counts the number of times it is traversed
-Set up some other rules which jump to that chain
In my case, I looked at tcp and udp packets coming from $net_wrl. In the tcp case, I only looked at connections not yet established, i.e. requests for new connections.
Code:
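# Define custom chain for possible DDoS attacks
# ($IPTABLES must hold the path to the iptables binary)
$IPTABLES -N DDoS
# Within the limit (10/s on average, bursts of up to 32): go back to the calling chain
$IPTABLES -A DDoS -m limit --limit 10/s --limit-burst 32 -j RETURN
# Over the limit: log the packet, then drop it
$IPTABLES -A DDoS -j LOG --log-prefix "[Connection overflow] "
$IPTABLES -A DDoS -j DROP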
#:
Code:
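#:This one for Timmie's gaming fun: drop the initiation of too many packets:
# TCP: only packets with SYN set and RST, ACK clear, i.e. requests for new connections
$IPTABLES -A FORWARD -p tcp -s $net_wrl --tcp-flags SYN,RST,ACK SYN -j DDoS
# UDP: every packet from $net_wrl
$IPTABLES -A FORWARD -p udp -s $net_wrl -j DDoS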
#:
Quote:
2) When a folder is password protected, how can one limit the number of password-tries per minute?
3) Is there any other smart way to avoid becoming a victim to a script-kiddie attack? (except updating software, of course)
Google for "tarpit" and "brute force". There are a few programs which do exactly what you are asking for. (Linux was built...) I don't have any experience, but it looks good.
jlinkels
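
Added example (not part of the post above): a simplified Python model of the token bucket behind `-m limit --limit 10/s --limit-burst 32`, run over constructed traffic. It shows that the single limit rule in the DDoS chain is one bucket shared by all sources, so a noisy host uses up the allowance of a quiet one; the `per_source` switch models one bucket per address, which is what the iptables hashlimit match provides. Class names, function names and addresses are made up for the illustration.

```python
from collections import defaultdict

RATE = 10.0   # --limit 10/s
BURST = 32    # --limit-burst 32

class TokenBucket:
    """Simplified model of the limit match: starts full, one token per packet."""
    def __init__(self, rate=RATE, burst=BURST):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the time elapsed since the last packet, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True    # rule matches: -j RETURN, packet carries on
        return False       # no match: packet falls through to LOG and DROP

def run_chain(packets, per_source=False):
    """packets: iterable of (time_s, src). Returns {src: (returned, dropped)}."""
    shared = TokenBucket()
    buckets = defaultdict(TokenBucket)   # only used when per_source=True
    stats = defaultdict(lambda: [0, 0])
    for now, src in sorted(packets):
        bucket = buckets[src] if per_source else shared
        stats[src][0 if bucket.allow(now) else 1] += 1
    return {src: tuple(counts) for src, counts in stats.items()}

def sample_traffic():
    # Constructed input: a noisy host opens 100 new connections/s for 2 s,
    # a quiet host opens 2/s during the same window.
    noisy = [(i / 100.0, "10.0.0.66") for i in range(200)]
    quiet = [(0.25 + i / 2.0, "10.0.0.7") for i in range(4)]
    return noisy + quiet

if __name__ == "__main__":
    for mode in (False, True):
        label = "per-source buckets" if mode else "one shared bucket"
        print(label, run_chain(sample_traffic(), per_source=mode))
```

With the shared bucket the quiet host loses three of its four connection attempts once the noisy host has drained the burst allowance; with per-source buckets it loses none.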