does isc dhcp 4.2.3 support blocking client which send many
perl-list
perl-list at network1.net
Wed Mar 7 18:19:13 UTC 2012
I'm not thinking that would work in the case of a relay agent - These packets would all appear to come from the relay agent and the relay agent would get blocked, not the end-user device.
----- Original Message -----
> From: "Jeff Waller" <jeffw at cnxntech.com>
> To: "Users of ISC DHCP" <dhcp-users at lists.isc.org>
> Sent: Wednesday, March 7, 2012 1:12:39 PM
> Subject: Re: does isc dhcp 4.2.3 support blocking client which send many
> On Mar 7, 2012, at 10:52 AM, Simon Hobson wrote:
> > Martin McCormick wrote:
> >
> >> A good mechanism for controlling insane systems
> >> might be to read time intervals between each MAC address contact
> >> and start ignoring anybody who has contacted DHCPD more than X
> >> number of times in X number of seconds.
> >
> > Which is the sort of task Logwatch was written for. Anyone know if
> > any DHCP filters/actions have been written for it ?
> >
> > However, that won't work for devices behind a relay agent. And
> > someone said that iptables doesn't work either.
> IP tables can be made to work. Someone is being dumb.
> Here's a link from 5m of Google;
> http://www.wjunction.com/48-technical-security-tutorials/107901-linux-ddos-protection.html
> http://www.infond.fr/2010/04/basics-6-tutorial-firewall-iptables.html
> From the 2nd source, seems approximately the same;
> #9 allow 5 TCP connexion attempts
> # with 2 per minute frequency
> #iptables -A INPUT -m state --state NEW -m recent --set
> #iptables -A INPUT -m state --state NEW -m recent --update --hitcount 6 -j DROP
> #iptables -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
> >
> > --
> > Simon Hobson
> >
> > Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
> > author Gladys Hobson. Novels - poetry - short stories - ideal as
> > Christmas stocking fillers. Some available as e-books.
> > _______________________________________________
> > dhcp-users mailing list
> > dhcp-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/dhcp-users
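
The per-MAC counting idea quoted above, as an added example (not code from this thread or from ISC): it counts DHCPDISCOVER/DHCPREQUEST lines per client hardware address in dhcpd's syslog output, so a chatty client behind a relay agent is identified by its own MAC rather than by the relay's IP. The log lines, host name, addresses, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed dhcpd-style syslog lines (not from the thread). "via" is the
# relay agent's address, or the local interface for directly attached clients.
SAMPLE_LOG = [
    f"Mar  7 18:19:{s:02d} dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:aa:00:01 via 10.20.0.1"
    for s in range(1, 8)  # one client behind a relay: 7 DISCOVERs within 6 seconds
] + [
    "Mar  7 18:19:02 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:bb:00:02 via 10.20.0.1",
    "Mar  7 18:19:03 dhcp1 dhcpd: DHCPREQUEST for 10.20.5.9 from 00:16:3e:bb:00:02 via 10.20.0.1",
    "Mar  7 18:19:04 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:cc:00:03 via eth0",
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"DHCP(?:DISCOVER|REQUEST)\b.*? from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b"
    r".*? via (?P<via>[^\s:]+)",
    re.IGNORECASE,
)

def noisy_clients(lines, max_hits=5, window=10, year=2012):
    """Map each MAC with more than max_hits requests inside any `window`
    seconds to (peak request count, relay or interface it was last seen via)."""
    recent = defaultdict(deque)  # mac -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog omits the year; the caller supplies it (assumption)
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        mac = m["mac"].lower()
        seen = recent[mac]
        seen.append(ts)
        while (ts - seen[0]).total_seconds() > window:
            seen.popleft()
        if len(seen) > max_hits:
            peak = max(len(seen), flagged.get(mac, (0, None))[0])
            flagged[mac] = (peak, m["via"])
    return flagged

if __name__ == "__main__":
    for mac, (hits, via) in noisy_clients(SAMPLE_LOG).items():
        print(f"{mac}: peak {hits} requests in window, seen via {via}")
```

The second client behind the same relay (10.20.0.1) is not flagged, which is the distinction a source-IP rule on the server cannot make for relayed traffic.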