dynamically limit ip connections to ports over time?

Ed Stover estover at nativenerds.com
Thu May 5 09:04:15 PDT 2005


Alex Teslik wrote:
> Hi all,
> 
>     I have been running a FreeBSD box for a few years. Over this time spammers
> and other unfriendlies have found my box and have been attacking at a slowly
> increasing rate. Every night the daily periodic scripts run and report to me
> the number of rejected mail hosts. Last week, one of the rejected mail hosts
> had the number of rejections listed at 3000. My hard drive has been getting
> louder and louder as it gets busier rejecting and logging all of these and now
> I would like to do something about it... but I'm not sure what I can do. When
> the hard drive is at its busiest I see mail being virus and spam scanned at a
> dizzying rate (tail -f /var/log/maillog), hence the hard drive grinding.
>     What I would LIKE to do is allow any ip to connect to a port for a
> specified number of times per minute.  If they connect too many times than I
> would like to freeze them out for a specified amount of time. This solution
> should be dynamic so that I don't need to constantly monitor the offending ip
> addresses.
<snipped>


Here is an idea, try grey listing for denying spam and portsentry to
keep the un-friendlies blocked. Both programs are fairly simple to setup
and maintain. Greylisting will deny incoming email for a set amount of
retries and time, thus you only get mail from real mail servers because
spammers don't usually try resending the spam after the initially list
has run. Portsentry is designed to detect incoming scans and block deny
the IP afterwards. It is kinda like a honey pot but funner  ;)


More information about the freebsd-questions mailing list