[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Under DDoS Attack
I don't think that works out. Whenever I might send a FIN - what
prevents my Apache from being attacked from the same bot after seconds
This is the same with reducing the timeout. Whenever I do this, I only
raise the load of the server - but the same IP numbers keep bullying my
Apache again and again...
What about if you could modify your script to tell apache
via localhost that those connections are finished.
So as the bad packets attack apache with half-opened
connections, as your script identifies those rouge
connections, your script spoofs some packets locally on your
machine, and sends them to apache, telling it those
connections are FINished and no longer needed?
Would that work?
Regards - Keith Roberts
On Thu, 27 Oct 2005, media Formel4 wrote:
That might be worth a thought. Right now I've got a script running
checking the web server and when MaxClients is reached for more then 20
seconds, all IPs are collected and every IP that was more then 5 times in
that collection get blocked. I've got now a list of more then 4700 IPs
blocked and the attack is still going on...
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here