Mailinglist Archive: opensuse-security (232 mails)

< Previous Next >
Re: [suse-security] Under DDoS Attack
  • From: suse@xxxxxxxxxxxx
  • Date: Thu, 27 Oct 2005 16:53:38 +0100 (BST)
  • Message-id: <Pine.LNX.4.61.0510271648420.32531@xxxxxxxxxxxx>

What about if you could modify your script to tell apache
via localhost that those connections are finished.

So as the bad packets attack apache with half-opened
connections, as your script identifies those rouge
connections, your script spoofs some packets locally on your
machine, and sends them to apache, telling it those
connections are FINished and no longer needed?

Would that work?

Regards - Keith Roberts


On Thu, 27 Oct 2005, media Formel4 wrote:

> That might be worth a thought. Right now I've got a script running
> checking the web server and when MaxClients is reached for more then 20
> seconds, all IPs are collected and every IP that was more then 5 times in
> that collection get blocked. I've got now a list of more then 4700 IPs
> blocked and the attack is still going on...

< Previous Next >
Follow Ups