Dear Victim...

I am not quite sure if it helps, but there is a possibility to limit the damage done to your server...

Gediminas Grigas [home] wrote:
Hello,
So, I made my script recognize his calls and exit fast, so damage is now kind of minimal (like 5% of CPU and full logs of trash). However, it's sad to think that there is not much I can do, except wait until this guy gets bored.
Are there ANY chances to fight against spoofed IPs? It's surely a one-way call; however, the server is very vulnerable to this. What if such a guy gets on a leased line, not on dial-up? He could make 100 calls/second with almost no chance to trace.
<a href="http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html#toc14">This</a> is a description of how to set up the Linux TrafficControl to prevent SYN floods. If you just limit the number of SYN packets from that specific ISP to -maybe- 2 to 5 per second, you will still be reachable, but SYN flooding will be virtually impossible. On the other hand: while that silly guy is flooding, nobody from that ISP can reach you.

Another idea would be to use the "rinetd". I think rinetd first ACKs the connection from outside and, when the connection is built, it connects inside, therefore protecting the webserver from the load... but I don't know if this is exactly what you needed...

Well, my English is also quite funny, but nevertheless I hope you're being helped...

Greetings,
Lars Kristian Klauske

--
This Mail was sent by LKK11
lars.klauske@berlin.de
Lars Kristian Klauske
If privacy or security of communication is on your mind, feel free to establish a secure transmission using the PGP public key obtainable from http://klauske.myip.org/hucky/lars_kristian_klauske.pgp.publickey
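The trade-off described in the reply above, as an added example that is not part of the original mail and is not the HOWTO's Traffic Control script: a small Python simulation of a per-ISP SYN rate limit. The address ranges (documentation prefixes), the 5 SYN/s limit with a burst of 5, and all event data are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

class TokenBucket:
    """Integer token bucket: time in ms, tokens in 1/1000 of a SYN."""
    def __init__(self, rate_per_s, burst):
        self.rate = rate_per_s            # tokens/s == millitokens/ms
        self.cap = burst * 1000
        self.tokens, self.last = self.cap, 0

    def allow(self, now_ms):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False

def police_syns(events, limited_net, rate_per_s=5, burst=5):
    """events: (time_ms, src_ip, label). Returns {label: [accepted, dropped]}."""
    net = ipaddress.ip_network(limited_net)
    bucket = TokenBucket(rate_per_s, burst)   # one shared bucket for the whole ISP range
    stats = defaultdict(lambda: [0, 0])
    for t_ms, src, label in sorted(events):
        if ipaddress.ip_address(src) in net:
            accepted = bucket.allow(t_ms)
        else:
            accepted = True                   # traffic from elsewhere is not policed
        stats[label][0 if accepted else 1] += 1
    return dict(stats)

def constructed_events():
    # Constructed sample: 10 s of 100 SYN/s from varying addresses inside the ISP range,
    # plus one real user of that ISP and one outsider, each sending 1 SYN/s.
    events = [(i * 10, f"198.51.100.{i % 250 + 1}", "flood") for i in range(1000)]
    for k in range(10):
        events.append((k * 1000 + 5, "198.51.100.200", "same-isp-user"))
        events.append((k * 1000 + 5, "203.0.113.7", "outsider"))
    return events

if __name__ == "__main__":
    result = police_syns(constructed_events(), "198.51.100.0/24")
    for label, (ok, dropped) in result.items():
        print(f"{label:14} accepted={ok:4} dropped={dropped:4}")
```

The server sees roughly 5 SYNs per second from the limited range instead of 100, the outsider is unaffected, and the legitimate user behind the same ISP loses nearly every attempt while the flood lasts.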