After reading the article,
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/02/09/MN23532.DTL
I am wondering if FreeBSD should take any action to protect our users.
I think it would speak incredibly highly of FreeBSD if Yahoo and other
"customers" were to have some kind of protection from such an attack. My
initial thoughts are:
A web server should know its limitations and not attempt to handle more
requests than it can manage. It should invoke a service cutoff of any
and all users that cause excessive loading over a measured interval of
time. Essentially, the machine would have to track all requests, rank
them as to how much effort/resources they require, and then
"integrate" this data over a fixed time period. If the overall load is
higher than an acceptable threshold, the most offensive clients get
"ignored" for a fixed period of time. This will, no doubt, ignore a
small number of legitimate users; however, that's far better than not
serving anyone.
Additionally, the server could log this activity which would make it
possible to contact the owners/operators of these most offensive
systems. With any luck, this could help them realize that their sites
are being hacked into and they could take corrective action to prevent
future attacks. If we let them know that FreeBSD identified their
problem, it might even be an excellent marketing move for us. Comments
Anyone?
Regards,
Ed
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
