01-28-2003, 04:54 PM   #4
Yui Unifex
Question

I second Koryon's idea. You can also automatically ban this IP when it reaches a certain threshold, so it wouldn't be bothered by him changing hosts. Another problem is that some codebases limit the amount of incoming connections per pulse. This is actually a good idea in general because it limits the effectiveness of distributed DoS attacks, but in your case it would harm legitimate users due to their experiencing severe lag when trying to connect, even when the attacker has his IP banned. So I'd recommend attempting to accept a new connection when the connection you've accepted is banned, so you can kill all of his connections each time around. Depending on how you do this, it could hammer your CPU and disk resources, so you might want to optimize it with an in-memory ban table.

You might also want to get your administrator to write you a little script so that your mud can execute an IP ban on your own port using the system's internal firewall. This would probably be the optimal solution.
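The accept loop and in-memory ban table described in the post above, as an added example that is not part of the original post or of any particular MUD codebase. The function names, the threshold of 5, the drop cap of 64, the IPv4-only table and the non-blocking listening socket are all assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

#define BAN_SLOTS      1024  /* power of two; table lives in memory only */
#define BAN_THRESHOLD  5     /* assumed: attempts per window before auto-ban */
#define MAX_DROPS      64    /* assumed: cap on banned sockets closed per pulse */

struct ban_entry { uint32_t ip; unsigned hits; int banned; };
static struct ban_entry ban_table[BAN_SLOTS];   /* ip == 0 marks a free slot */

/* Open-addressing lookup; returns the slot for ip, or NULL if the table is full. */
static struct ban_entry *ban_slot(uint32_t ip) {
    uint32_t h = (ip * 2654435761u) >> 22;      /* top 10 bits -> 0..1023 */
    for (unsigned i = 0; i < BAN_SLOTS; i++) {
        struct ban_entry *e = &ban_table[(h + i) & (BAN_SLOTS - 1)];
        if (e->ip == ip || e->ip == 0) return e;
    }
    return NULL;
}

/* Count one connection attempt; returns 1 if the address is banned. */
int ban_note_connect(uint32_t ip) {
    struct ban_entry *e = ban_slot(ip);
    if (!e) return 0;                           /* table full: fail open */
    e->ip = ip;
    if (!e->banned && ++e->hits >= BAN_THRESHOLD) e->banned = 1;
    return e->banned;
}

/* Call once per counting window so slow, legitimate reconnects never add up. */
void ban_window_reset(void) {
    for (unsigned i = 0; i < BAN_SLOTS; i++)
        if (!ban_table[i].banned) ban_table[i].hits = 0;
}

/* One pulse: banned peers are closed without using any of the max slots. */
int accept_pulse(int listen_fd, int *admitted, int max) {
    int n = 0, drops = 0;
    while (n < max && drops < MAX_DROPS) {      /* drop cap bounds CPU per pulse */
        struct sockaddr_in sa;
        socklen_t len = sizeof sa;
        int fd = accept(listen_fd, (struct sockaddr *)&sa, &len);
        if (fd < 0) break;                      /* backlog drained or error */
        if (ban_note_connect(ntohl(sa.sin_addr.s_addr))) { close(fd); drops++; }
        else admitted[n++] = fd;
    }
    return n;
}
```

The game loop would call `accept_pulse` once per pulse with its usual per-pulse limit as `max`, and `ban_window_reset` on a timer.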