I don't think that works out. Whenever I might send a FIN - what prevents my Apache from being attacked from the same bot after seconds again? This is the same with reducing the timeout. Whenever I do this, I only raise the load of the server - but the same IP numbers keep bullying my Apache again and again... Thanks, Ralf suse@karsites.net schrieb:
What about if you could modify your script to tell apache via localhost that those connections are finished.
So as the bad packets attack apache with half-opened connections, as your script identifies those rouge connections, your script spoofs some packets locally on your machine, and sends them to apache, telling it those connections are FINished and no longer needed?
Would that work?
Regards - Keith Roberts
On Thu, 27 Oct 2005, media Formel4 wrote:
That might be worth a thought. Right now I've got a script running checking the web server and when MaxClients is reached for more then 20 seconds, all IPs are collected and every IP that was more then 5 times in that collection get blocked. I've got now a list of more then 4700 IPs blocked and the attack is still going on...