Mailinglist Archive: opensuse-security (232 mails)

< Previous Next >
Re: [suse-security] Under DDoS Attack
  • From: media Formel4 <info@xxxxxxxxxx>
  • Date: Thu, 27 Oct 2005 18:09:43 +0200
  • Message-id: <4360FBC7.5060904@xxxxxxxxxx>
I don't think that works out. Whenever I might send a FIN - what prevents my Apache from being attacked from the same bot after seconds again?

This is the same with reducing the timeout. Whenever I do this, I only raise the load of the server - but the same IP numbers keep bullying my Apache again and again...



suse@xxxxxxxxxxxx schrieb:
What about if you could modify your script to tell apache via localhost that those connections are finished.

So as the bad packets attack apache with half-opened connections, as your script identifies those rouge connections, your script spoofs some packets locally on your machine, and sends them to apache, telling it those connections are FINished and no longer needed?

Would that work?

Regards - Keith Roberts

On Thu, 27 Oct 2005, media Formel4 wrote:

That might be worth a thought. Right now I've got a script running
checking the web server and when MaxClients is reached for more then 20
seconds, all IPs are collected and every IP that was more then 5 times in
that collection get blocked. I've got now a list of more then 4700 IPs
blocked and the attack is still going on...

< Previous Next >
Follow Ups