Closing port on too many requests [Archive]

View Full Version : Closing port on too many requests

Cytrax

09-20-2003, 05:18 PM

In this day and age a persons server cannot seem to be left alone and just do what it was meant to do.

I currenty have a few dedicated servers arround the world and through my past have always come to some sort of problems with script kiddies and DDOS attacks and I am sure there has to be a way to solve my problem as others must experience this aswell.

For Example.

Server 1 is running with all the following ports open 110,25,21,80,23,5469(Proftpd),6667(ircd) and the o/s is RH9

say for example the server started getting attacked on port 21 could there be any way of getting the server t deny any requests to and from that port till the attacks die down ?

xisp

09-20-2003, 05:27 PM

You could use IPTables (or something similar) if the server is yours or, if you have access to the router, filter it there. You may find it easier to simply stop the process using that port, though.

alex

Cytrax

09-20-2003, 05:30 PM

The machine is dedicated but I do not have axs to the routers and as I thought that would be the obvious answer to just filter the traffic .

Damn :(

xisp

09-20-2003, 06:12 PM

Well, yeah... But simply doing "service ircd stop" will stop irc connections. You'll still get connection attempts but the port will be closed so they should stop fairly quickly. The same goes for any of the other services.

Cytrax

09-20-2003, 06:23 PM

I wish there was something kinda intelligent to do it for me if you know what I am saying like maybe have a .pl script to read the snort / iptables logs and if things started getting a little more frequent on a selected port then another script runs to stop the service *

xisp

09-20-2003, 06:36 PM

Just re-read your post and my reply was all rubbish :)You could try webmin (www.webmin.com) or VNC (www.realvnc.com) but SSHing to your server and typing 3 words isn't that hard :P

Depending on your PHP settings you might also be able to create a PHP page with

<?PHP

system("service ircd stop");

?>

This would control the service through a web broswer. However, I can't think of many servers that would allow apache to start and stop services... (and that's probably just as well)

alex

If it's any consolation you could probably write one and make it a cron job :P