[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] DDOS protection

To: <ossec-list@xxxxxxxxxxxxxxxx>
Subject: [ossec-list] DDOS protection
From: <deltamails@xxxxxxxxx>
Date: Fri, 15 Jun 2007 03:28:33 +0000
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:from:to:references:subject:date:mime-version:content-type:content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=jiKBFDuuALtET/eC5skJtaEYJU9g0O9js/OsUPPKcjy3RMP6eGieAX0iNnfsnY42YfQu+5CesYMSlivi2iKZgcI2pUZ2LOhpLHihapzbQ+oi1TxdDisb/iVMS8ZycmRitgoDwpjyqUr82aI1uXg9Xre7fRkffVp+xvxOsDFKcxw=

Can Ossec do DDOS protection?
How can we set rule where if there are too many requests/connection say 
"200"from same IP of any kind let it be http,smtp,ftp,ssh etc it block the 
IP for 'x' time.

Thanks
Regards,
DM

Follow-Ups:
- [ossec-list] Re: DDOS protection
  - From: Daniel Cid

References:
- [ossec-list] Fine tune syslog_rules.xml Rule 1002
  - From: Steve West
- [ossec-list] Re: Fine tune syslog_rules.xml Rule 1002
  - From: Daniel Cid

Prev by Date: [ossec-list] Re: localfile problem
Next by Date: [ossec-list] Re: localfile problem
Previous by thread: [ossec-list] Re: Fine tune syslog_rules.xml Rule 1002
Next by thread: [ossec-list] Re: DDOS protection
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.