Pacemaker 0.4 review
Pacemaker is a dynamic rate-limiting script that watches network traffic and determines which machines are probably abusing your network. It catches things like Windows worm scans, port scans, P2P network traffic, and anything else that tries to go beyond the normal number of connections a standard machine should use. A machine needs to abuse the network for two minutes before Pacemaker will mark its IP address to be rate-limited. Once marked, a machine stays marked for as many minutes as it has abused the network.
Pacemaker uses iptables to mark packets for the specific IP addresses it determines are abusing network resources. Once the packets are marked, iproute2 and tc can filter and rate-limit the traffic to whatever speed you want.
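The mark-then-shape split described above, as an added example (not Pacemaker's own code): it prints, rather than runs, the iptables and tc commands for one host. The mark value, class id, rate, `eth0` and the 192.0.2.10 address are assumptions, and an HTB root qdisc `1:` is assumed to exist already.

```shell
#!/bin/sh
# Added example: dry-run generator for the iptables mark + tc shaping commands.
MARK=66            # assumed fwmark value for hosts flagged as abusive
CLASSID="1:66"     # assumed HTB class under an existing root qdisc 1:
RATE="64kbit"      # assumed ceiling for marked traffic

# Accept only dotted-quad IPv4, so text taken from sniffer output never
# reaches a command line unchecked.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# One-time shaper setup on device $1: a slow HTB class, plus an fw filter
# that steers packets carrying $MARK into that class.
shaper_cmds() {
    dev=$1
    echo "tc class add dev $dev parent 1: classid $CLASSID htb rate $RATE ceil $RATE"
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 handle $MARK fw flowid $CLASSID"
}

# Per-host rule: $1 is A (start limiting) or D (release), $2 is the source IP.
mark_cmd() {
    case "$1" in A|D) ;; *) return 2 ;; esac
    valid_ipv4 "$2" || { echo "rejected address: $2" >&2; return 1; }
    echo "iptables -t mangle -$1 FORWARD -s $2 -j MARK --set-mark $MARK"
}

# Demo with a constructed documentation address (RFC 5737).
shaper_cmds eth0
mark_cmd A 192.0.2.10
```

The same rule emitted with `D` instead of `A` releases the host when its marked period ends.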
To use Pacemaker you will need the latest iptables, a kernel that can handle iptables packet mangling, a network sniffer (currently only tcpdump or tethereal are supported), and the latest iproute2+tc tools.
First, add a class to your rate-limiting system. There is an example provided (what I use currently) in htb-qdisc-example-eth0 or htb-qdisc-example-eth1.
Open 'pacemaker' and change the defaults to your local settings.
Run 'make install'.
What's New in This Release:
Fixed documentation listing required software.