Fail2Ban monitors log files like /var/log/pwdfail or /var/log/apache/error_log and bans failure-prone addresses. It updates firewall rules to reject the IP address or executes user-defined commands.
Please see the code and download from https://github.com/fail2ban/fail2ban. The SF Fail2ban portal might not be up to date.
Detect Flooder IPs, Reduce Attack Surface against HTTP Flood Attacks
This module provides attack surface reduction enhancements against HTTP Flood Attacks at the web application level. Massive crawling/scanning tools and HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive).
You can use this module by including "iosec.php" in any PHP file that you want to protect.
You can test the module here: http://www.iosec.org/test.php (demo)
Watch the Proof of Concept video:...
inundator is a tool used to anonymously inundate intrusion detection logs with false positives to obfuscate a real attack, leaving the IDS analyst feeling completely inundated.
The Master-Slave project is directly related to the Snort IDS and dynamically creates rules in the iptables firewall. It can send the attacker's IP address to other machines in the circuit, which will block the IP address before any attack from the intruder.