If they're coming from just the single IP, then black-hole'ing their IP is easier. If the address they're coming from is 128.115.1.1, then simply paste this at a shell prompt and give it your password when sudo asks for it:<br>
<br><code>sudo route add 128.115.1.1 gw 127.0.0.1 lo</code><br><br><div class="gmail_quote">This will cause all packets destined to go back to them to get dropped on the floor and should be sufficient. You'd really prefer to do this (or just add them to the naughty list which is something that I believe the SW can do, even with ancient builds of their SW) on your SonicWall box, but you can get away with doing it on your server.<br>
<br>Adding an IP tables (again, if you can't convince your SW to just drop packets from them) is more efficient, of course, but it's hairier to set up.<br><br><br>On Mon, Mar 18, 2013 at 2:19 PM, J. Wade Michaelis <span dir="ltr"><<a href="mailto:jwade@userfriendlytech.net" target="_blank">jwade@userfriendlytech.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>I have a CentOS web server that has recently been brought to a halt on two separate occasions. Checking the access.log, it appears that it was a Denial of Service (DOS) attack (hundreds of HTTP requests in a very short time, all from a single IP address).</div>
<div><br></div><div>I want to prevent these types of attacks from bringing the server to its knees. We have a hardware firewall (SonicWall) in place, but it isn't quite new enough to run the firmware that allows rate-limiting.</div>
<div><br></div><div>I have found a number of tutorials that show how to do this type of thing with IPTABLES. Is there a better solution? </div><div><br></div><div>Supposing I go with IPTABLES, do I need to include rules to allow FTP and SSH (the only other services on the server)? </div>
<div><br></div><div>Would any of you be willing to assist me with this?</div><br clear="all"><div>Thanks,<br>~ j.<br><a href="mailto:jwade@userfriendlytech.net" target="_blank">jwade@userfriendlytech.net</a></div>
<br>_______________________________________________<br>
KCLUG mailing list<br>
<a href="mailto:KCLUG@kclug.org">KCLUG@kclug.org</a><br>
<a href="http://kclug.org/mailman/listinfo/kclug" target="_blank">http://kclug.org/mailman/listinfo/kclug</a><br></blockquote></div><br>