Reputation: 48485
So this is more of a general question on the best practice of preventing DoS attacks, I'm just trying to get a grasp on how most people handle malicious requests from the same IP address which is the problem we are currently having.
I figure it's better to block the IP of a truly malicious IP as high up as possible as to prevent using more resources, especially when it comes to loading you application.
Thoughts?
Upvotes: 5
Views: 7849
Reputation: 94
iptables -I INPUT -p tcp -s 1.2.3.4 -m statistic --probability 0.5 -j DROP iptables -I INPUT n -p tcp -s 1.2.3.4 -m rpfilter --loose -j ACCEPT
# n would be an numeric index into the INPUT CHAIN -- default is append to INPUT chain
more at... Can't Access Plesk Admin Because Of DOS Attack, Block IP Address Through SSH?
Upvotes: 0
Reputation: 14505
You can prevent DoS attacks from occuring in various ways.
Referenced from here. There are other solutions too on same thread.
Upvotes: 11