[SYN flood attack] how to ban IP blocks if...
Posted: 11 Jan 2013, 13:53
Hi all. I've been working in mitigating the attacks I'm suffering in my server and now I have a question.
Is it possible to block IP ranges (IP blocks) when lets say 4 or more IPs from that block are already banned?
Here is a small capture of the traffic on port 80 during the last attack:
http://i.imgur.c om/m1oly.png (remove the space, sorry I can't post links)
(there is no filter in the capture, only port 80 connections)
It is just an example, I don't want to manually block 192.132.209.* cause there are a lot of blocks, not just a few ones. I want the firewall to block them automatically. Is it possible?
SYNFLOOD is currently enabled:
The attacks are under 50Mbps usually.
Thank you!
Is it possible to block IP ranges (IP blocks) when lets say 4 or more IPs from that block are already banned?
Here is a small capture of the traffic on port 80 during the last attack:
http://i.imgur.c om/m1oly.png (remove the space, sorry I can't post links)
(there is no filter in the capture, only port 80 connections)
It is just an example, I don't want to manually block 192.132.209.* cause there are a lot of blocks, not just a few ones. I want the firewall to block them automatically. Is it possible?
SYNFLOOD is currently enabled:
Code: Select all
SYNFLOOD = "1"
SYNFLOOD_RATE = "30/s"
SYNFLOOD_BURST = "10"
Thank you!