Greetings everyone! Can you send me a copy please Bruno of your Statefull Inspection info sheet! PS - I have some ideas on how to STOP Apache being used for DrDOS attacks, but I don't really have time to do the coding! The idea is for Apache to keep a table with a counter for each NEW pending connection, and it's associated IP source address. When the counter for a particular IP address reaches a certain amount of open pending new connections that are not fulfilled in a certain time limit, then ALL the pending new connections are discarded, then a filter could also kick-in to filter out and prevent any further new connections being established from the dropped IP source address, for a certain amount of time, perhaps an hour or more. These limits could be set in httpd.conf. I'm not sure if anyone is working on this in the Apache dev group. I did wonder if it was possible to do this with IPTables, but AFAIK, there is no way to keep a count of each IP source address. As Apache stores the source IP addresses for the connections it is waiting for an ACK packet from, I thought this could be the easiest way to implement this. Has anyone else on the list any ideas on this? Kind Regards - Keith Roberts On Mon, 25 Aug 2003 BLeonhardt@analytek.de wrote:
Hi,
if somebody is interested of the definition of Stateful Inspection I could send you a Sheet by Checkpoint ( they developed stateful inspection ) where exactly is defined what stateful inspection is - and what it does.
Mit freundlichen Grüßen / Best regards Bruno Leonhardt
LPI Level 1 Certified Watchguard Certified System Professional CLP Domino R5 Systemadministrator
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here