Grant,
In this entire thread you haven't mentioned what your "scenario"
is. All you say is "DOS". What is your scenario?
On Wed, Dec 14, 2016, at 01:52 PM, Grant wrote:
> > You don't mention anything about the rate...
> > Anyway, fail2ban does look at hosts individually ...it doesn't
> > "lump together stats for requests coming from different IP
> > addresses".
> >
> > If this "DOS" attack simply involves -for instance- requests to
> > legitimate web pages and not attempts to brute force log in to your
> > website (using - for example - a "dictionary attack") then you are
> > really talking about an attack that is simply a matter of "rate".
> > In other words these ten hosts are requesting legitimate web pages
> > from your site at a very high rate (perhaps tens or hundreds of
> > requests per second).
> >
> > If that's the case then the tool for that is apache "mod evasive" -
> > not fail2ban.
>
>
> I'm not sure how mod_evasive would be helpful here. It is said to check
> for:
>
> - Requesting the same page more than a few times per second
> - Making more than 50 concurrent requests on the same child per second
> - Making any requests while temporarily blacklisted
>
> None of that would have triggered in my scenario. Am I missing
> something?
>
> - Grant
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
