[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Under DDoS Attack



I don't think that works out. Whenever I might send a FIN - what prevents my Apache from being attacked from the same bot after seconds again?

This is the same with reducing the timeout. Whenever I do this, I only raise the load of the server - but the same IP numbers keep bullying my Apache again and again...

Thanks,

Ralf

suse@xxxxxxxxxxxx schrieb:
What about if you could modify your script to tell apache via localhost that those connections are finished.

So as the bad packets attack apache with half-opened connections, as your script identifies those rouge connections, your script spoofs some packets locally on your machine, and sends them to apache, telling it those connections are FINished and no longer needed?

Would that work?

Regards - Keith Roberts


On Thu, 27 Oct 2005, media Formel4 wrote:


That might be worth a thought. Right now I've got a script running
checking the web server and when MaxClients is reached for more then 20
seconds, all IPs are collected and every IP that was more then 5 times in
that collection get blocked. I've got now a list of more then 4700 IPs
blocked and the attack is still going on...



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here