jgmdev / ddos-deflate

Fork of DDoS Deflate with fixes, improvements and new features.

Max amount of connections per subnet for a defined amount of simultaneous clients. #52

Open jgmdev opened 6 years ago

jgmdev commented 6 years ago

The idea would be to add the functionality to block a subnet with simultaneous connections to the server when it exceeds a maximum allowed number of connections per subnet, a limit that gets activated when the number of clients on the same subnet reaches a defined amount.

For example, let's say the following IP addresses belonging to the same block/subnet have opened connections to your server:

Conn.      IP
------------------------
80         1.1.1.1
85         1.1.1.2
99         1.1.1.3
30         1.1.1.4

So the sum of total connections would be 294 for 4 clients that belong to the same subnet. Now let's assume we have these new rules: MAX_SUBNET_CONNS=250 for MAX_SUB_CLIENTS=3

This would mean allowing a maximum of 250 connections for a whole subnet when 3 or more clients from the same subnet are connected. The example given above would result in blocking all the subnet's IP addresses; this way it may be more feasible to stop attacks coming from someone controlling equipment behind the same address space.

Ideas, suggestions and point of views are welcome :)
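The rule proposed in the issue, worked through as an added shell example (this is not ddos-deflate's own code, and the variable names MAX_SUBNET_CONNS and MAX_SUB_CLIENTS are taken from the proposal, not from the script). It assumes "subnet" means a /24, which the issue does not pin down, and it consumes the same `<count> <ip>` lines that a `netstat ... | sort | uniq -c` pipeline produces. The sample input is constructed: it repeats the table from the issue and adds two subnets that must not trip the rule (many connections but too few clients; enough clients but too few connections).

```shell
#!/usr/bin/env bash
# Added example, not part of ddos-deflate. Aggregates per-IP connection
# counts into /24 subnets (an assumption; the issue does not define the
# subnet size) and reports the subnets that exceed both thresholds.
MAX_SUBNET_CONNS=${MAX_SUBNET_CONNS:-250}   # proposed: max connections per subnet
MAX_SUB_CLIENTS=${MAX_SUB_CLIENTS:-3}       # proposed: clients needed to activate the rule

# Reads "<count> <ip>" lines on stdin, e.g. from
#   netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
# Prints one "<network>/24 <clients> <conns>" line per subnet to block.
subnets_to_block() {
    awk -v max_conns="$MAX_SUBNET_CONNS" -v max_clients="$MAX_SUB_CLIENTS" '
        # Only dotted-quad IPv4 addresses; headers and IPv6 lines are skipped.
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($2, o, ".")
            net = o[1] "." o[2] "." o[3] ".0"
            conns[net] += $1      # total connections from this /24
            clients[net] += 1     # distinct source IPs in this /24
        }
        END {
            # "3 or more clients" activates the rule; "maximum of 250" means
            # strictly more than 250 connections triggers the block.
            for (net in conns)
                if (clients[net] >= max_clients && conns[net] > max_conns)
                    printf "%s/24 %d %d\n", net, clients[net], conns[net]
        }' | sort
}

# Constructed sample: the issue's table (1.1.1.0/24, 4 clients, 294 conns)
# plus 10.0.0.0/24 (350 conns but only 2 clients) and 192.168.1.0/24
# (3 clients but only 21 conns). Only 1.1.1.0/24 should be reported.
SAMPLE='     80 1.1.1.1
     85 1.1.1.2
     99 1.1.1.3
     30 1.1.1.4
    200 10.0.0.1
    150 10.0.0.2
      5 192.168.1.1
      7 192.168.1.2
      9 192.168.1.3'

block_from_sample() {
    printf '%s\n' "$SAMPLE" | subnets_to_block
}

block_from_sample
```

Each reported network can then be handed to whatever blocking backend is in use (for instance `iptables -I INPUT -s 1.1.1.0/24 -j DROP`). Note the trade-off the issue hints at: a /24 behind a carrier-grade NAT or a shared proxy can hold many legitimate clients, so the client threshold is what keeps a single busy host from taking its whole neighbourhood down with it.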