Forum OpenACS Q&A: Response to How to bypass rp_filter: Nimba Worm

Posted by David Walker on
my solution (using linux) is to exec a script using sudo that calls
a script that calls ipchains and adds their IP to an ipchains block
list and then does an ns_conn close.

It appears to me that this makes their client wait, thinking the
connection is still open while on the server side the connection is
closed and no extra server resources are expended.  I don't know how
big the block list can get before it affects linux performance but I
have a cron job clear it periodically.

I can post the scripts and instructions if anyone is interested.