On Mon, 13 Sep 1999, Benno Senoner spewed into the bitstream:
> Hello,
>
> Are there any plans to make inetd's "connection refused" (or at least
> connection closed) behaviour in case of too many simultaneous connections on a
> certain port IP-based?
>
> It's easy to make an inetd service unusable on Redhat Linux by simply
> flooding the port with connections.
>
> You should add a feature in inetd which limits the number of connections per
> minute based on the source IP addr.
> With this addition we can easily block the attacker, while keeping the services
> enabled for regular users.
>
> inetd is one of the crucial parts of a server and needs this feature in order
> to provide stability even while under attack.
It occurs to me that there's a certain amount of reinvention of wheels going on
here. There are already good tools to block intruders unless they hit an open
port. It's a simple matter with hosts.deny/hosts.allow to block a DoS attacker
or simply route the offending IP to "lo", and if it's port scanners you're after
then check out portsentry, which does both of these things as a daemon.
--
Chuck Mead, CTO, MoonGroup Consulting, Inc. <http://moongroup.com>
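The per-source-IP rate limit Benno asks for, and the hosts.deny block Chuck proposes, can be combined without changing inetd: tcpd (tcp_wrappers) already logs every accepted connection via syslog, so a small script can count connections per source address inside a sliding 60-second window and emit hosts.deny entries for addresses that exceed a threshold. The script below is an added example, not code from the thread, from tcp_wrappers or from portsentry. The log format it parses ("<timestamp> <host> <daemon>[<pid>]: connect from <addr>"), the threshold of five connections per minute and the sample lines are all assumptions constructed for the example.

```python
"""Flag source addresses that flood tcpd-wrapped inetd services.

Added example: counts 'connect from' lines that tcpd logs via syslog,
per source address, over a sliding window, and turns the offenders into
hosts.deny entries. The log line format, the threshold and the sample
lines below are assumptions constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in tcpd's syslog style (assumed format).
# 10.0.0.5 opens seven ftp connections in four seconds; 192.168.1.7 is a
# normal user; the 'refused connect' line must be ignored since tcpd
# already rejected it.
SAMPLE_LOG = """\
Sep 13 10:15:01 www in.telnetd[2312]: connect from 192.168.1.7
Sep 13 10:15:02 www in.ftpd[2313]: connect from 10.0.0.5
Sep 13 10:15:02 www in.ftpd[2314]: connect from 10.0.0.5
Sep 13 10:15:03 www in.ftpd[2315]: connect from 10.0.0.5
Sep 13 10:15:03 www in.ftpd[2316]: connect from 10.0.0.5
Sep 13 10:15:04 www in.ftpd[2317]: connect from 10.0.0.5
Sep 13 10:15:04 www in.ftpd[2318]: connect from 10.0.0.5
Sep 13 10:15:05 www in.ftpd[2319]: connect from 10.0.0.5
Sep 13 10:16:30 www in.telnetd[2320]: connect from 192.168.1.7
Sep 13 10:17:10 www in.ftpd[2321]: refused connect from 172.16.3.9
Sep 13 10:18:00 www in.telnetd[2322]: connect from 192.168.1.7
"""

# Only accepted connections match: "]: connect from", not "refused connect".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<daemon>[\w.]+)\[\d+\]: connect from (?P<addr>\S+)$"
)


def parse_line(line):
    """Return (timestamp, daemon, addr) for an accepted-connection line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; only differences are used, so that is fine.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return ts, m.group("daemon"), m.group("addr")


def flag_flooders(lines, limit=5, window=60):
    """Return {addr: peak count} for addresses that exceed `limit`
    connections inside any `window`-second span.

    Lines must be in time order, as syslog writes them. Each address
    keeps a deque of recent timestamps; entries older than the window
    are dropped before the count is compared with the limit.
    """
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, _daemon, addr = parsed
        q = recent[addr]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > limit:
            peaks[addr] = max(peaks.get(addr, 0), len(q))
    return peaks


def hosts_deny_entries(flooders, service="ALL"):
    """Format offenders as hosts.deny lines, e.g. 'ALL: 10.0.0.5'."""
    return ["%s: %s" % (service, addr) for addr in sorted(flooders)]


if __name__ == "__main__":
    offenders = flag_flooders(SAMPLE_LOG.splitlines())
    for entry in hosts_deny_entries(offenders):
        print(entry)
```

On the sample input the script produces a single entry, "ALL: 10.0.0.5", which appended to /etc/hosts.deny makes tcpd refuse that address for every wrapped service while regular users keep working. Two caveats: this only covers services that inetd.conf runs through tcpd, and a hosts.deny entry still costs an accept() plus a tcpd fork per attempt, so for a sustained flood the route-to-lo or firewall block Chuck mentions is cheaper than wrapper-level denial.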