Quoting Felix (2017-12-11 17:07:30), as excerpted
Hi Alex
Great points.
conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c | sort -n
On FreeBSD one can do:
Yeah, the optimal rule would ban "bad IPs" after some threshold of connections, like "if one IP makes >1 conn/sec for at least 1 minute, ban for 1 hour" or something. I'm hoping to fix the underlying issue in Tor so that low-bandwidth attacks like these are less effective.
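
The threshold rule sketched in the reply above, as an added example (not part of the original message, and not code from Tor or any firewall). It assumes that ">1 conn/sec for at least 1 minute" means more than 60 new connections from one address inside any 60-second sliding window; the function names and the sample events, which use documentation-range addresses, are constructed for illustration.

```python
from collections import defaultdict, deque

RATE = 1.0     # connections per second, from the rule quoted above
WINDOW = 60    # seconds over which the rate is measured
BAN = 3600     # seconds an offending address stays banned


def find_bans(events, rate=RATE, window=WINDOW, ban=BAN):
    """Return [(ip, ban_start, ban_end)] for time-ordered (timestamp, ip) events.

    Assumption: the rule is read as "more than rate*window new connections
    inside any sliding window of `window` seconds".
    """
    recent = defaultdict(deque)   # ip -> connection timestamps still in the window
    banned_until = {}             # ip -> time at which the active ban expires
    bans = []
    limit = rate * window
    for ts, ip in events:
        if banned_until.get(ip, 0) > ts:
            continue              # already banned: a firewall would drop this
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()           # forget connections older than the window
        if len(q) > limit:
            banned_until[ip] = ts + ban
            bans.append((ip, ts, ts + ban))
            q.clear()             # start counting afresh once the ban expires
    return bans


def sample_events():
    """Constructed input: a sustained flooder, a short burst, a normal client."""
    events = []
    # 192.0.2.10: 2 conn/sec for 90 seconds
    events += [(t / 2, "192.0.2.10") for t in range(180)]
    # 198.51.100.7: 30 connections within one second, then silence
    events += [(10 + i / 30, "198.51.100.7") for i in range(30)]
    # 203.0.113.5: one connection every 5 seconds
    events += [(float(t), "203.0.113.5") for t in range(0, 90, 5)]
    return sorted(events)


if __name__ == "__main__":
    for ip, start, end in find_bans(sample_events()):
        print(f"ban {ip} from t={start:.1f}s until t={end:.1f}s")
```

Only the sustained flooder is banned; the short burst and the slow client stay under the limit, which is the distinction a per-address count from a single conntrack snapshot cannot make.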