Wednesday, 5 January 2011
Monitoring IP traffic on a host against denial of service
Long time ago I have given some tips for Cisco routers IoS capability to limit SYN half-open TCP connections [here]. Recently a nice python script [here], provides a mechanism to monitor similar information on regular bases and block IP addresses for a certain period of time automatically. It uses combination of tools : netstat, iptables and python modules. However, tuning thresholds must be done carefully to prevent blocking legitimate traffic.