Mailinglist Archive: opensuse-security (232 mails)

Re: [suse-security] Under DDoS Attack...
  • From: media Formel4 <info@xxxxxxxxxx>
  • Date: Thu, 27 Oct 2005 15:55:07 +0200
  • Message-id: <4360DC3B.3000005@xxxxxxxxxx>
e.mueller wrote:

> > - How can I secure this server and/or stop this attack?
>
> Are you sure it is an attack in the first place? I would try to look in the connects first with tcpdump to distinguish between your webserver being mentioned on for example slashdot or heise and a DDoS attack ...

That is what I did. Checking with strace and tcpdump shows that after opening the connection there is no data transmitted until the Apache process times out.

> Also: If it is a huge mass of regular connections, you should get at least notifications in the access_log.

Thanks,

Ralf
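
The check discussed in this thread (connections that open but never send data, versus regular requests that show up in access_log), as an added example that is not part of the original mails. It assumes current `tcpdump -nn -tt` line formatting and common log format; the server address, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

SERVER = "192.0.2.10.80"  # assumed web server address.port as tcpdump prints it

# Constructed `tcpdump -nn -tt` style lines, not captured traffic.
TCPDUMP = """\
1130421300.0 IP 203.0.113.5.40001 > 192.0.2.10.80: Flags [S], seq 1, length 0
1130421300.1 IP 203.0.113.5.40001 > 192.0.2.10.80: Flags [.], ack 1, length 0
1130421300.2 IP 203.0.113.5.40002 > 192.0.2.10.80: Flags [S], seq 1, length 0
1130421300.3 IP 203.0.113.5.40002 > 192.0.2.10.80: Flags [.], ack 1, length 0
1130421301.0 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [S], seq 1, length 0
1130421301.1 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [.], ack 1, length 0
1130421301.2 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [P.], seq 1:120, ack 1, length 119
"""

# Constructed access_log line (common log format).
ACCESS_LOG = '198.51.100.7 - - [27/Oct/2005:15:55:01 +0200] "GET / HTTP/1.1" 200 5120\n'

LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\S+): Flags \[([^\]]*)\].* length (\d+)")

def summarize(tcpdump_text, access_log_text, server=SERVER):
    """Per client IP: connections opened, connections that sent no data, logged requests."""
    payload = {}  # (ip, port) -> bytes sent by the client; only flows whose SYN was seen
    for line in tcpdump_text.splitlines():
        m = LINE.search(line)
        if not m or m.group(3) != server:
            continue  # ignore server replies and unrelated traffic
        flow = (m.group(1), m.group(2))
        if "S" in m.group(4):
            payload[flow] = 0
        elif flow in payload:
            payload[flow] += int(m.group(5))
    report = defaultdict(lambda: {"opened": 0, "silent": 0, "logged": 0})
    for (ip, _port), sent in payload.items():
        report[ip]["opened"] += 1
        report[ip]["silent"] += sent == 0
    logged = Counter(l.split()[0] for l in access_log_text.splitlines() if l.strip())
    for ip, n in logged.items():
        report[ip]["logged"] = n
    return dict(report)

def idle_holders(report, min_silent=2):
    """Clients whose connections all stayed silent and left no access_log entry."""
    return sorted(ip for ip, r in report.items()
                  if r["opened"] == r["silent"] >= min_silent and r["logged"] == 0)
```

Flows whose SYN is not in the capture are skipped, so a capture started mid-incident undercounts connections that were already open.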
