>I've been an unfortunate target of various script-kiddies/worms and have
>configured Apache to perform something like this on all incoming requests
>containing bad URIs:
>
>route -n add <evil IP> gw <bogus local host>
>
>The only concern I have is, will this cause performance problems? I've got
>about 10 so far and I just put it up about 24hrs ago.
At the rate mentioned, this should not cause performance problems. Be aware, though, that this does still allow incoming SYNs from evil IPs. Your machine will then SYN-ACK to your bogus local host gateway, resulting in the TCP session never being established. At a rate of 10 per 24 hours, this doesn't matter too much. At a high rate, though, this can become quite a serious problem, as you consume all of your incoming ports with half-established TCP sessions faster than those half-established TCP sessions time out.

Another possible complication is with regard to future troubleshooting of routing issues, since you are effectively turning your Linux server into a router.

And yet another possible complication is that if Apache receives packets that have forged source IP addresses, you will be null-routing those forged (innocent) IP addresses.
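The three caveats in the reply (half-open sessions piling up, the host becoming a router, and forged sources getting you to block innocent addresses) can each be checked or sidestepped with a few shell functions. The script below is an added example and is not from either poster; it assumes a Linux host with iproute2, iptables, awk and ss available, and the sample `ss -tan` output it parses is constructed, not captured from the original server. It prefers an ingress DROP rule to a bogus-gateway route, because a packet dropped in the INPUT chain never reaches the TCP stack, so no SYN-ACK is sent and no half-open entry is created, and the box never has to forward anything. The blackhole route is kept as a second line so any reply the host might still generate dies in the routing table rather than going out via a fake next hop.

```sh
#!/bin/sh
# Added example (not from the original thread). Assumes Linux with iproute2,
# iptables, awk and ss. Without APPLY=1 it only prints the commands it would run.

# Refuse to block addresses that cannot be a genuine remote attacker or that we
# cannot afford to lose: loopback, RFC1918, link-local, "this network",
# multicast/reserved. Forged source addresses often land in these ranges, and
# null-routing them would cut off our own networks. Syntax check is deliberately crude.
is_blockable() {
  ip="$1"
  echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  case "$ip" in
    127.*|10.*|192.168.*|169.254.*|0.*) return 1 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
    22[4-9].*|23[0-9].*|24[0-9].*|25[0-5].*) return 1 ;;
  esac
  return 0
}

# Commands to block one address. Line 1 drops on ingress (no SYN-ACK, no
# half-open state, host stays a host). Line 2 is a kernel blackhole route, which
# drops silently instead of pointing replies at a made-up local gateway.
block_cmds() {
  printf 'iptables -I INPUT -s %s -j DROP\n' "$1"
  printf 'ip route add blackhole %s\n' "$1"
}

# Total half-open (SYN-RECV) sockets from `ss -tan` output on stdin.
# Compare against: sysctl net.ipv4.tcp_max_syn_backlog
count_syn_recv() {
  awk '$1 == "SYN-RECV" { n++ } END { print n + 0 }'
}

# Half-open sockets grouped by peer address, busiest first. Peer is column 5
# ("addr:port"); everything before the last ':' is the address.
syn_recv_by_peer() {
  awk '$1 == "SYN-RECV" { p = $5; sub(/:[0-9]+$/, "", p); c[p]++ }
       END { for (p in c) print c[p], p }' | sort -rn
}

# Constructed sample of `ss -tan` output used for the stand-alone demo below.
SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:80                 *:*
SYN-RECV   0      0      192.0.2.10:80        198.51.100.5:40123
ESTAB      0      0      192.0.2.10:80        203.0.113.7:51000
SYN-RECV   0      0      192.0.2.10:80        198.51.100.5:40124
SYN-RECV   0      0      192.0.2.10:80        198.51.100.77:3344'

# Usage: sh blackhole.sh <ip>...     (APPLY=1 to execute instead of print)
for ip in "$@"; do
  if is_blockable "$ip"; then
    if [ "${APPLY:-0}" = 1 ]; then block_cmds "$ip" | sh; else block_cmds "$ip"; fi
  else
    echo "refusing to block $ip (local, private, reserved, or malformed)" >&2
  fi
done

# Stand-alone demo of the monitoring helpers on the constructed sample.
# On a live host replace the printf with:  ss -tan | count_syn_recv
if [ "$#" -eq 0 ]; then
  printf '%s\n' "$SAMPLE_SS" | count_syn_recv
  printf '%s\n' "$SAMPLE_SS" | syn_recv_by_peer
fi
```

On a live system, `ss -tan | syn_recv_by_peer` run from cron is a cheap way to see whether half-open connections are actually accumulating, and from which peers, before deciding the per-request route trick needs replacing. `sysctl net.ipv4.tcp_syncookies` and `net.ipv4.tcp_max_syn_backlog` are the kernel knobs that govern how much half-open state the host tolerates.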