Re: [off-topic] iptables and blocklist

To: Bharath Ramesh <bramesh@vt.edu>
Cc: debian-amd64@lists.debian.org
Subject: Re: [off-topic] iptables and blocklist
From: Neil Gunton <neil@nilspace.com>
Date: Fri, 26 Dec 2008 16:10:14 -0800
Message-id: <[🔎] 49557266.1070009@nilspace.com>
In-reply-to: <[🔎] 49553E33.8060302@vt.edu>
References: <[🔎] 49553E33.8060302@vt.edu>

Bharath Ramesh wrote:

I feel that this because of the large number of rules that are beingcreated. My question would be what would be a good way to block largenumber of ip ranges with iptables.

I wrote a Spambot Trap back in 2002, which has been running on mywebsites for years now, protecting against spambots. The article is here:


http://www.neilgunton.com/doc/spambot_trap

The real distinguishing feature is the progressive block algorithm.Basically each time a bot falls into the trap, the block time isdoubled. The exponential nature of this ensures that ip addresses whichonly offend once or twice do not sit around clogging up my iptablesrules, whereas repeat offenders progressively get longer and longerblocks. The system copes very well with the constantly changing ipaddresses of the zombie botnets.


Neil

Reply to:

References:
- [off-topic] iptables and blocklist
  - From: Bharath Ramesh <bramesh@vt.edu>

Prev by Date: [off-topic] iptables and blocklist
Next by Date: Re: [off-topic] iptables and blocklist
Previous by thread: [off-topic] iptables and blocklist
Next by thread: Re: [off-topic] iptables and blocklist
Index(es):
- Date
- Thread