Well, I now feel all grown up - I've just had my first DOS attack!

Having had a squiz at netstat at the time and my Apache logs, the theory of preventing recurrence should be quite simple.

Before I go off re-inventing the wheel, can anyone point me to a tool that can watch for the number of incoming connections per IP per second then, if a threshold is exceeded for, say, five seconds, write an iptables rule (or is it ipchains now - can never remember which is the old or the new) to block that IP for, say, half an hour, then open it up again.

Second offence gets permanent block and coordinates of offending ISP sent to the Pentagon tagged "believed current location of Osama Bin Laden". (Much easier than complaints to abuse addresses that never get answered )