Here we have a Debian firewall with 3 interfaces (in, out & dmz) running ipchains.
Now we are facing a problem: some people are making 'automated searches' on our www server - an ugly IIS5 :) - and we intend to block this kind of search. I was thinking about blocking it on the firewall, this way: I would regularly collect some stats about the traffic, and if some client IP reaches a 'limit', I would re-run the firewall script and block that IP.
Well, here is my request for help: can anybody give me some simple clues on how to collect those stats? I really don't know a lot about ipchains, but can it do the job? How? Or will I need another package like ipac or something?
What I really need is something like a file with three fields, "Client IP, Time elapsed, Number of bytes" that I can process.
I tried ipac, but it seemed too difficult for me to use...
Thanks in advance.
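An added example, not part of the original message: one way to process the three-field file described above ("Client IP, Time elapsed, Number of bytes") and list the clients that exceed a limit. It assumes "time elapsed" is the number of seconds each row covers, that the limit is an average byte rate, and that a block is a DENY rule on the ipchains input chain; the function names, the limit value and the sample rows are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed limit: average bytes per second per client over the sampled period.
LIMIT_BYTES_PER_SEC = 50_000

def parse_stats(lines):
    """Sum elapsed seconds and bytes per client from 'ip elapsed bytes' rows."""
    totals = defaultdict(lambda: [0.0, 0])
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        try:
            ip = str(ipaddress.IPv4Address(fields[0]))  # ipchains is IPv4 only
            elapsed, nbytes = float(fields[1]), int(fields[2])
        except ValueError:
            continue  # an unparsed field must never reach a firewall command
        if elapsed <= 0 or nbytes < 0:
            continue
        totals[ip][0] += elapsed
        totals[ip][1] += nbytes
    return totals

def over_limit(totals, limit=LIMIT_BYTES_PER_SEC, allowlist=()):
    """Return the client IPs whose average byte rate exceeds the limit."""
    return sorted(ip for ip, (elapsed, nbytes) in totals.items()
                  if ip not in allowlist and nbytes / elapsed > limit)

def deny_rules(ips):
    """Build (but do not run) one ipchains DENY rule per offending client."""
    return [f"ipchains -I input 1 -s {ip} -j DENY" for ip in ips]

# Constructed sample rows: client IP, seconds covered, bytes transferred.
SAMPLE = """\
192.0.2.10 300 90000000
192.0.2.10 300 60000000
198.51.100.7 300 1200000
203.0.113.5 300 45000000
not-an-ip 300 999999999
"""

if __name__ == "__main__":
    for rule in deny_rules(over_limit(parse_stats(SAMPLE.splitlines()))):
        print(rule)
```

The `allowlist` argument is there so that proxies, monitoring hosts or your own networks are never handed to the firewall script automatically.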