another seeming attack on my server's DirPort

Michael Holstein michael.holstein at csuohio.edu
Wed Dec 19 14:11:02 UTC 2007


> The symptom, like the last time, was that output rate on my
> machine's main Ethernet interface was running steadily around the transmit
> rate limit imposed by my ADSL line.
Tweak as desired ... this would permit 1 connection per minute from a 
given IP. Replace (torDirPort) with whatever TCP port you're serving the 
DIR on.

# Check first, and only on NEW connections: a source already recorded within the last 60 s is logged, then dropped
iptables -A INPUT -p tcp --dport (torDirPort) -m state --state NEW -m recent --update --seconds 60 --hitcount 1 --rttl --name TORdir -j LOG --log-prefix "TORdir flood "
iptables -A INPUT -p tcp --dport (torDirPort) -m state --state NEW -m recent --update --seconds 60 --hitcount 1 --rttl --name TORdir -j DROP
# Otherwise record the source and accept (if the --set/ACCEPT rule came first it would match every new connection and the checks above would never be reached)
iptables -A INPUT -p tcp --dport (torDirPort) -m state --state NEW -m recent --set --name TORdir -j ACCEPT

(adapted from an SSH brute-force mitigation rule to do a similar thing.)

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
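As an added illustration (not part of the original post), a simplified Python model of the xt_recent --set / --update / --seconds / --hitcount semantics, run over a constructed burst of SYNs against the DirPort. It shows that the rate limit only bites when the --update checks are evaluated before the --set/ACCEPT rule; addresses, timings and the 'recent' bookkeeping are constructed assumptions, and --rttl is not modelled.

```python
"""Simplified model of iptables' xt_recent match applied to NEW connection
attempts, to show why the order of the rate-limit rules matters.
Added example: clock, addresses and timings are constructed."""
from collections import defaultdict

WINDOW = 60   # --seconds 60
HITS = 1      # --hitcount 1


class RecentList:
    """One '--name' list: per source IP, timestamps of packets recorded."""

    def __init__(self):
        self.seen = defaultdict(list)

    def set(self, ip, now):
        # --set: add the address (or refresh an existing entry) with a new stamp
        self.seen[ip].append(now)

    def update(self, ip, now):
        # --update: match only if ip is listed with >= HITS stamps inside WINDOW;
        # on a match the entry is refreshed, so a hammering client stays blocked
        if ip not in self.seen:
            return False
        recent = [t for t in self.seen[ip] if now - t <= WINDOW]
        if len(recent) < HITS:
            return False
        self.seen[ip] = recent + [now]
        return True


def run(order, attempts):
    """Return the verdict for each (time, ip) SYN under the given rule order.
    'set_first' is --set/ACCEPT before the checks; 'check_first' is the reverse."""
    rl = RecentList()
    verdicts = []
    for now, ip in attempts:
        if order == "set_first":
            rl.set(ip, now)            # --set -j ACCEPT matches every NEW packet
            verdicts.append("ACCEPT")  # so the --update rules never see a SYN
        elif rl.update(ip, now):       # --update --hitcount 1 -> LOG, then DROP
            verdicts.append("DROP")
        else:
            rl.set(ip, now)            # first hit in the window -> --set -j ACCEPT
            verdicts.append("ACCEPT")
    return verdicts


# Constructed burst: 10.0.0.1 retries quickly, 10.0.0.2 connects once.
ATTEMPTS = [(0, "10.0.0.1"), (5, "10.0.0.1"), (30, "10.0.0.2"),
            (59, "10.0.0.1"), (125, "10.0.0.1")]

if __name__ == "__main__":
    for order in ("set_first", "check_first"):
        print(order, run(order, ATTEMPTS))
```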


