Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » [Request] Add to limit connections to port per IP-addresses. (Add to limit connections to port per IP-addresses.)  () 1 Vote

Messages: 2
Karma: 0
Send a private message to this user
I ask the developers of the program to add the settings FireWall new opportunity:
Limit the number of connections to a local port with a single IP-address.

Encountered a problem when there is DDoS attack on HTTP-server (Apache).
- Create approximately 1000 connections per IP-Addresses ...

Messages: 387
Karma: 84
Send a private message to this user
Sounds like a good feature request to me. You can obviously already set up an connection limit per host but this wouldn't help in a true DDoS situation. Did you have the IDS/IPS setting on drop by the way ? This could also help as the nodes might have been in networks already classified as dubious.

Question for Kerio, what is the correct way to file Control feature requests ? (as there is no user voice system at the moment) Is it still via as is indicated here in 2006

- the Netherlands
- Belgium
- Luxembourg

Messages: 2
Karma: 0
Send a private message to this user
In addition to DDos-attack, there are other methods of plugging the port.
You can create every 100 ms for example and emulate connection to send requests to the HTTP-server (Apache), which will heavily load it as a Dos-attacks will not be determined!
It is therefore necessary function ogranichivaniya number of connections on a port with an IP-address.
In FireWall WIPFW is a function for example.
- Ipfw add allow tcp from any to me setup limit src-addr 4

Messages: 332
Karma: 5
Send a private message to this user
This sound good.
Download/Upload speed per IP?

Question cannot be stupid, but some of the answers can.
Previous Topic: VPN Problem.
Next Topic: Problem with LAN and WAN activated at the same time
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 01:26:38 CET 2017

Total time taken to generate the page: 0.00355 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.