Re: Urgent! Need help with abuse-detection and prevention

2004-05-11 Thread Adrian 'Dagurashibanipal' von Bidder
On Monday 10 May 2004 23.23, Peter Klein wrote:
> Hi guys,
>
> I've lately experienced excessive Apache-usage (to be clear: several
> hundred open connections in a very short time) to one of my servers.
> And I believe that FTP etc. are also subject to similar attacks. For
> Apache it resulted in problems that all processes were in state
> "reading" without actually doing anything ... a simple but efficient
> DOS for the httpd-process, that also caused it to die immediately.
>
> Can you give me any suggestions how to set up basic
> iptables-filtering-rules easily and how to prevent such abusive
> connections?

You can do something like
# iptables -A INPUT -m state --state NEW \
    -m limit --limit 5/s --limit-burst 50 -p tcp --dport www -j ACCEPT
# iptables -A INPUT -m state --state NEW -p tcp --dport www -j DROP

Be sure to adjust to your usual load. And of course, this will just 
prevent the load on the machine from going over the top, so that the 
requests that came through will be handled quickly. It will still let 
whoever wishes to do so DDoS your webserver for requests from the outside.

greetings
-- vbi

-- 
"I have seen astronauts at a restaurant asking for the countdown."
-- From it.hobby.umorismo
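
Added example, not part of the original thread: a simplified Python token-bucket model of the limit match from the reply above (5/s, burst 50), showing the caveat it states: accepted connections stay capped, but a flooding source takes nearly every slot. The traffic figures (200/s flood, 2/s ordinary visitors, 60 seconds) and all function names are constructed for illustration; the kernel match counts in timer ticks, which this model ignores.

```python
# Simplified model of an iptables "limit" rule followed by a drop rule.
# Added illustration; names and traffic figures are assumptions.
from dataclasses import dataclass


@dataclass
class LimitMatch:
    rate: float   # tokens added per second (5/s in the reply)
    burst: int    # bucket capacity (50 in the reply)

    def __post_init__(self):
        self.tokens = float(self.burst)  # bucket starts full
        self.last = 0.0

    def matches(self, now: float) -> bool:
        # Refill for the elapsed time, capped at the burst size.
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True   # first rule matches: connection accepted
        return False      # falls through to the second rule: dropped


def simulate(arrivals, rate=5.0, burst=50):
    """arrivals: (timestamp, source) pairs for NEW connections to port 80.
    Returns {source: [accepted, dropped]}. The bucket is shared by all
    sources, exactly as a single limit rule is."""
    limiter = LimitMatch(rate, burst)
    stats = {}
    for ts, src in sorted(arrivals):
        counts = stats.setdefault(src, [0, 0])
        counts[0 if limiter.matches(ts) else 1] += 1
    return stats


def constructed_traffic(seconds=60, flood_per_sec=200, normal_per_sec=2):
    """Constructed sample: one flooding source plus ordinary visitors."""
    arrivals = []
    for s in range(seconds):
        for i in range(flood_per_sec):
            arrivals.append((s + i / flood_per_sec, "flood"))
        for i in range(normal_per_sec):
            arrivals.append((s + (i + 0.5) / normal_per_sec, "normal"))
    return arrivals


if __name__ == "__main__":
    print("quiet:  ", simulate(constructed_traffic(flood_per_sec=0)))
    print("flooded:", simulate(constructed_traffic()))
```

Because the bucket is global rather than per source address, the rule bounds the work Apache has to do without distinguishing the flood from ordinary visitors.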






Urgent! Need help with abuse-detection and prevention

2004-05-10 Thread Peter Klein
Hi guys,
I've lately experienced excessive Apache-usage (to be clear: several 
hundred open connections in a very short time) to one of my servers. And I 
believe that FTP etc. are also subject to similar attacks. For Apache it 
resulted in problems that all processes were in state "reading" without 
actually doing anything ... a simple but efficient DOS for the 
httpd-process, that also caused it to die immediately.

Can you give me any suggestions how to set up basic iptables-filtering-rules 
easily and how to prevent such abusive connections?

Your urgent help would be very much appreciated. Kind regards,
Paul Bergdörfer



