Hey Nitro, congrats
Can you give us any insight into what you did? I am very interested.
In the meantime, I was making some modifications to the code today, since you were wondering whether the ban should last 2 mins, one hour, etc.
The new patch is fantastic, but I was thinking we need a way to ban for longer if the same IPs are getting attacked again
I did this
A new type similar to receipt_t
typedef struct {
    netadr_t adr;
    int time;
    int mult;
} receipt_ban_t;
Now I save my banlist in this array
#define MAX_FLOODBANS 24
receipt_ban_t floodBans[MAX_FLOODBANS];
And instead of the 120000 ms, I do 10000 ms multiplied by the multiplier 'mult'
Finally, when specificCount reaches 3, I increase the multiplier
Probably needs more tuning, but it seems to be working for me. In other words, each time an IP gets attacked again, the punishment time increases by 10 more seconds, lol. I was thinking of doing it exponentially, but maybe that is overkill.
Any idea what happens if I increase the space from 24 to, let's say, 128? Because one of my servers is directing attacks to more than 20 subnets :S
Edit: I think my solution has a problem when the 24 spaces get filled: my punishment time isn't reset to 10 secs...
This post has been edited by ipwnn00bs: 09 March 2012 - 07:38 PM