Wednesday, 5 January 2011

Monitoring IP traffic on a host against denial of service

Long time ago I have given some tips for Cisco routers IoS capability to limit SYN half-open TCP connections [here]. Recently a nice python script [here], provides a mechanism to monitor similar information on regular bases and block IP addresses for a certain period of time automatically. It uses combination of tools : netstat, iptables and python modules. However, tuning thresholds must be done carefully to prevent blocking legitimate traffic.

No comments:

(c) Copyright 2008-2020 Mehmet Suzen (suzen at acm dot org)

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License