I, for one, don't , either. The thing is, if the IP changes too much, blocking on an IP-to-know basis can generate too many rules. Blocking the subnet is easier, but tougher on the innocent.
In this case, what DNSSTUFF says is that the IP is the range 88 to 95, which means that you can block 218.4.152.88 netmask 255.255.255.248 or 218.4.152.88 / 29 (slash notation) That's what I meant to say. Luis -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Slive Sent: quinta-feira, 21 de Junho de 2007 14:36 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] limiting connections per ip address in apache2whenunder attack On 6/21/07, Luis Moreira (ESI-GSQP) <[EMAIL PROTECTED]> wrote: > This is not an "Apache answer", but it may help you. > > Do the IPs vary too much, or can you set up a firewall rule to block > incoming requests (any requests) from those IP ? > Sort of your own very personal "black list"? > Of course, should that address decide to post a legitimate request, it would > get blocked but hey, who told them to mess up the first time? > > On the other hand, on http://www.dnsstuff.com/ you can find info on IP > addresses on the net. > Who and were they are, if they belong to spam lists, etc But of course, you probably don't want to play whack-a-mole with these IP addresses. What I'd suggest is implementing the per-IP connection rule in your firewall. I don't know anything about ubuntu's firewall package, but most of them can do this. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
