media Formel4 wrote:
- Is it possible with spoofed IP numbers to establish connections to port 80? As far as I know you should get stuck after "SYN". I'm asking that, because tracing back the IPs in question I find very often unrouted areas and non-reachable (but maybe firewalled) IPs.
Also I found a group of 300 IPs coming from an American company network. I contacted them and they stated, too, that those IPs were not in use and not routed right now...
- How can I secure this server and/or stop this attack?

I think that you are looking at the wrong point. Preventing a DDoS is not the job of the web server, but the job of the router/firewall. "Real routers/firewalls" will deal easily with these problems.

- No spoofing of IPs through validation of where the packet comes from...
- No fragmented packets
- Limit the number of open/unfinished connections...

Cisco PIX 501, 515... depending on size and volumes
Cisco 1811...

Not cheap but when configured properly, guaranteed to work.

--
Thanks
http://www.911networks.com
When the network has to work
Cisco/Microsoft
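
A check that bears on the "stuck after SYN" question and on the half-open connection limit mentioned in the reply, added here as an example and not posted by anyone in the thread: it separates remote addresses that completed the TCP handshake on port 80 (so the peer had to see the server's SYN-ACK) from addresses that only ever sit in SYN_RECV. It assumes the Linux `netstat -tan` column layout; the function name `classify` and the sample lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in Linux `netstat -tan` layout (documentation address
# ranges, not data from the thread).
SAMPLE = """\
tcp        0      0 203.0.113.10:80   198.51.100.7:40112   SYN_RECV
tcp        0      0 203.0.113.10:80   198.51.100.8:40113   SYN_RECV
tcp        0      0 203.0.113.10:80   198.51.100.9:51000   SYN_RECV
tcp        0      0 203.0.113.10:80   192.0.2.44:33211     ESTABLISHED
tcp        0      0 203.0.113.10:80   192.0.2.44:33212     ESTABLISHED
tcp        0      0 203.0.113.10:80   192.0.2.45:41000     TIME_WAIT
tcp        0      0 203.0.113.10:22   192.0.2.99:50122     ESTABLISHED
tcp        0      0 0.0.0.0:80        0.0.0.0:*            LISTEN
"""

HALF_OPEN = {"SYN_RECV"}  # server sent SYN-ACK, final ACK never arrived


def classify(netstat_text, port=80):
    """Return (completed, half_open_only) sets of remote IPs seen on `port`.

    completed      - at least one socket got past SYN_RECV, so the three-way
                     handshake finished for that address.
    half_open_only - every socket from the address is still in SYN_RECV,
                     the pattern expected from spoofed or unrouted sources.
    """
    states = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header or non-TCP line
        local, remote, state = fields[3], fields[4], fields[5]
        if state == "LISTEN" or local.rsplit(":", 1)[-1] != str(port):
            continue  # listening socket or a different service
        states[remote.rsplit(":", 1)[0]].add(state)
    completed = {ip for ip, seen in states.items() if seen - HALF_OPEN}
    half_open_only = {ip for ip, seen in states.items() if seen <= HALF_OPEN}
    return completed, half_open_only


if __name__ == "__main__":
    done, half = classify(SAMPLE)
    print("handshake completed:", sorted(done))
    print("half-open only:     ", sorted(half))
```

Addresses in the first set are the ones worth tracing back; a large and growing second set is what the firewall's limit on unfinished connections is meant to contain.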