Shorewall users - Apr 2010 - Dynamic and temporary ip blocking

Our website delivers more than 100 million page vies each month and with this
popularity comes a lot of attacks. We''ve done fairly well using
shorewall to help keep this  under control. In fact, the only open port is port
80 on these machines.

Lately there appears to be worms being distributed where our servers happen to
be a target of attack. With this said, we''re having problems with DOS
attacks on port 80 from hundreds if not thousands of ips all over the world.
I''m not sure if we can use something like rate limiting and pemanatelly
drop the visitors by ip because these users are unaware they are doing this (ie
worms.

What I would like to do is temporarily drop these request for 24 hours. This way
we won''t permanently drop the human visitor. Is there a way to do this?
 		 	   		  
_________________________________________________________________
The New Busy is not the old busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3

------------------------------------------------------------------------------

On Tue, 20 Apr 2010 19:01:43 -0700, j_and_t@hotmail.com said:
> What I would like to do is temporarily drop these request for 24 hours.
> This way we won''t permanently drop the human visitor. Is there a
way to
> do this? 
fail2ban?

-- 
Keith Edmunds

+-------------------------------------------------------------------------+
|    Tiger Computing Ltd    |  Helping businesses make the most of Linux  |
|  "The Linux Specialists"  |       http://www.tiger-computing.co.uk  
|
+-------------------------------------------------------------------------+

------------------------------------------------------------------------------