Re: [suse-security] Under DDoS Attack

[media Formel4 <info@xxxxxxxxxx>]

I don't think that works out. Whenever I might send a FIN - what 
prevents my Apache from being attacked from the same bot after seconds 
again?

This is the same with reducing the timeout. Whenever I do this, I only 
raise the load of the server - but the same IP numbers keep bullying my 
Apache again and again...

Thanks,

Ralf

suse@xxxxxxxxxxxx schrieb:
> What about if you could modify your script to tell apache 
> via localhost that those connections are finished.
>
> So as the bad packets attack apache with half-opened 
> connections, as your script identifies those rouge 
> connections, your script spoofs some packets locally on your 
> machine, and sends them to apache, telling it those 
> connections are FINished and no longer needed?
>
> Would that work?
>
> Regards - Keith Roberts
>
>
> On Thu, 27 Oct 2005, media Formel4 wrote:
>
>
> > That might be worth a thought. Right now I've got a script running
> > checking the web server and when MaxClients is reached for more then 20
> > seconds, all IPs are collected and every IP that was more then 5 times in
> > that collection get blocked. I've got now a list of more then 4700 IPs
> > blocked and the attack is still going on...

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here