2

Is there a way to monitor number of attempted Skype connections on a specified port and dynamically firewall off the offending IPs if they break a certain threshhold within a specific time limit - in Windows 7?

On a Linux box, though it's a bit crude, I know I could use wireshark or nstat and output to a file, then cron a job to grep through and then parse the data for number of attempted connections to a specified port, add a firewall rule to iptables, then truncate the log file for the next iteration, and I'm all set. I'm a bit lost on how to go about this or something similar on a Windows 7 box.

The situation I'm trying to solve is that I have several users that need Skype access. Resolving a skype username to IP is fairly simple and this has resulted in their machines being DDOS'd on occasion. While I know I could do this upstream on a full-fledged ASA or similar device, for various networking reasons I'm trying to find a solution that can be implemented on the users computer. White-listing and blocking everybody else is not an option.

Thanks for any input or ideas on this.

Peter
  • 252
  • 2
  • 14

1 Answers1

2

Implement rate limiting on connections being sent out FROM your router TO your internal addresses on port 2398 (Skype).

In Linux, it's not crude at all. You'd use a rate limiter on your FORWARD chain like so:

iptables -A OUTPUT -p tcp --dport 2398 -o eth1 -m state --state NEW \
    -m recent --set
iptables -A OUTPUT -p tcp --dport 2398 -o eth1 -m state --state NEW \
    -m recent --update --seconds 60 --hitcount 4 -j DROP

Windows? Sorry. Left as an exercise for the reader, but the pieces are there ^

MikeyB
  • 40,079