31 Jul
2012
31 Jul
'12
7:54 p.m.
2012/7/31 grarpamp grarpamp@gmail.com:
I've thought about constructing iptables rules to limit the number of SYN packets for the same host per second or such
Multiple flows to the same host don't really bother routers of any class. Old routers choke when looking up many hosts in the routing table. So your proposed rules against port-scanning single hosts wouldn't help. Unless each SYN to a host is generated from multiple Tor-based IP-scanner's, in which case your node or Tor would probably be underwater from the parallel scans anyways.
Or perhaps their network is perfectly able to take that, but their staff is unwilling to look beyond « I recieved a mail on abuse@ » ...