I have the misfortune of being on a misconfigured spammer CD somewhere. Periodically, I get thousands of connections to port 25, scrolling through [EMAIL PROTECTED] This amounts to a DOS attack, since legitimate mail may be held up for hours while my system spawns thousands of sendmails - just to reply no such user. I can throttle this by limiting connections from a single IP, but it still means that I suffer through hours of limited bandwith while this leech sucks it up.
It does not come from the same IP every time, so I can't block on IP. I'd like to block it with something like the PSD module. What I really want to tell my firewall is this: if you see so many connections to this port from the same IP, blackhole the IP for 30 minutes. Any ideas on how to do that? --Yan -- Future fighter pilots: Me: Akari, WHAT are you DOING? Akari, age 3: Pushing the envelope. 12:17pm up 5 days, 5:44, 14 users
