Hello, I`m recently under heavy attack from an l33t hax0r kiddie. Hes using lots of proxies to access my banner exchange (i mean real lots - hundrets and hundrets) - he was able to add new hosts faster than i was able to lock them out wit ipchains (like 10 hosts/min or so). So its ended by that i changed input policy to DENY and set ACCEPT only for lithuanian ISP`s (about 40 major subnets). But thats not solution, becouse system is now locked from outside Lithuania. However that kiddie started abusing my exchange from his real IP (an biggest ISP dial-up service). I cannot lock-out this ISP becouse i would lock 10.000 users as well. So i`m forced to monitor whats happening everytime and lock him once in a while, or server load will jump from 0.4 to 10.00 on my P-III 1Ghz host. I connot do anything in legal way - becouse we dont have anything in our law system against "l33t hax0rs", besides that isp has terrible support and monopoly, so it will probably even dont bother to respond to my requests. My question would be - is there an tool which could run with apache to automaticly lock host for some time if it tryies access system more that 10 times per minute or so? Could anybody pass me an idea how to fight against such attacks? On other hand - i remember someone once said that he has an "legal request to ISP against hackers" or so... some nice warning text to send to ISP on detection of intrusion or DoS. Could you please refer me to it? Sorry for my broken english. Hope you got the matter. P.S. Host running SuSE 7.1 with 2.2.x kernel Thanks -- Best regards, Gediminas Grigas Tel.: (2)226036; (86) 55362 Techninis direktorius Fax.: (2)627986 UAB "Dizaino kryptis" A.Jaksto 9-233, Vilnius, Lietuva 2001 mailto:gedas@kryptis.lt