Mailinglist Archive: opensuse-security (232 mails)

Re: [suse-security] Under DDoS Attack
  • From: Roland Kuhn <rkuhn@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 28 Oct 2005 15:15:05 +0200
  • Message-id: <C2B2F700-13C8-48EA-B2C8-8FCF288AA0F9@xxxxxxxxxxxxxxxxxxxxxxxxx>
Hi!

On 27 Oct 2005, at 21:42, media Formel4 wrote:

> I do have the resources - but I'm running out of options how to use them to fight back the attackers.
>
> The list of blocked IPs reached 10.000 in the meantime...

I'd recommend writing a small connection proxy program which listens on port 80, takes the connections and forwards only the requests which come in to Apache (running on a different port). You'd run into the 1024 file descriptor limit, but then you can always reap the oldest 'empty' connection as soon as you reach 1000. Should work as long as the rate of these empty connection openings is not in the kHz range ;-)

But, alas, no time to code it up right now. :-(

Ciao,
Roland

--
TU Muenchen, Physik-Department E18, James-Franck-Str. 85747 Garching
Telefon 089/289-12592; Telefax 089/289-12570
--
A mouse is a device used to point at
the xterm you want to type in.
Kim Alm on a.s.r.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GS/CS/M/MU d-(++) s:+ a-> C+++ UL++++ P-(+) L+++ E(+) W+ !N K- w--- M + !V Y+
PGP++ t+(++) 5 R+ tv-- b+ DI++ e+++>++++ h---- y+++
------END GEEK CODE BLOCK------
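
A sketch of the proxy described in the message above, as an added example that is not part of the original post and not its author's code. It uses Python's asyncio; the backend address 127.0.0.1:8080 and the names `EmptyConnTable`, `handle`, `pipe` and `serve` are assumptions made for the illustration.

```python
import asyncio
from collections import OrderedDict

BACKEND = ("127.0.0.1", 8080)  # assumption: Apache moved to this port
MAX_EMPTY = 1000               # reap threshold, below the 1024 descriptor limit

class EmptyConnTable:
    """Accepted connections that have not sent a byte yet, oldest first."""
    def __init__(self, limit=MAX_EMPTY):
        self.limit = limit
        self.conns = OrderedDict()  # writer -> None; insertion order is age
    def add(self, writer):  # returns the reaped connection, or None
        victim = None
        if len(self.conns) >= self.limit:
            victim, _ = self.conns.popitem(last=False)  # oldest empty one
            victim.close()  # the victim's pending read() then sees EOF
        self.conns[writer] = None
        return victim
    def promote(self, writer):  # client sent data or went away
        self.conns.pop(writer, None)

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(table, reader, writer, backend=BACKEND):
    table.add(writer)
    try:
        first = await reader.read(65536)  # waits for request bytes or EOF
        table.promote(writer)
        if not first:
            raise ConnectionError("closed or reaped before any request")
        # Only now does the connection cost the web server anything.
        b_reader, b_writer = await asyncio.open_connection(*backend)
    except OSError:
        table.promote(writer)
        writer.close()
        return
    b_writer.write(first)
    await asyncio.gather(pipe(reader, b_writer), pipe(b_reader, writer),
                         return_exceptions=True)

async def serve(port=80, backend=BACKEND):
    table = EmptyConnTable()
    server = await asyncio.start_server(
        lambda r, w: handle(table, r, w, backend), "0.0.0.0", port)
    async with server:
        await server.serve_forever()
```

Start it with `asyncio.run(serve())`. Only connections that have not yet sent data count against `MAX_EMPTY`; each forwarded connection holds two descriptors of its own.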

