Syv Ritch schrieb:
media Formel4 wrote:
- How can I secure this server and/or stop this attack?
I think that you are looking at wrong point. Preventing a DDOS is not the job of the web server, but the job of the router/firewall. "Real routers/firewalls" will deal easily with these problems.
Sure - but therefore you need your own network environment. I'm talking about a root server. No chance (right now) to place a hardware firewall in front.
- No spoofing of IPs through validation where the packet comes from... - No fragmented packets - Limit the number of open/unfinished connections...
Is there a way to set this up with iptables? I know there are things like --limit and --iplimit inside - but that won't help me with the attack which is set by full established HTTP connections which simply don't carry a request...