Stephanie,
Y'know, it's weird that such a technically simple attack still has no
commonly implemented defenses. I would venture to say that you can
knock out the majority of webservers on the Internet today with a very
small shell script that telnets to it a bunch of times on port 80 and
leaves th
It was thus said that the Great Sergey Tsalkov once stated:
>
> Hey guys.. My Apache was hit with a DoS attack, where the attacker was
> opening connections to the server and not sending any data. It quickly
> reached the MaxClients limit and prevented any further connections to
> the server.
>
>
On 5/28/06, Sergey Tsalkov <[EMAIL PROTECTED]> wrote:
Anyone have any suggestions?
What you've described doesn't really look like a dangerous DOS-attack.
If clients just open connections and stay idle, there's a lot of good
workarounds:
1) lower timeout, and raise number of listening servers
2
On Sunday 28 May 2006 21:23, Sergey Tsalkov wrote:
> I'm using Apache 1.3.36.
*sigh*. Of course a server that's been obnsolete for more than
four years isn't up to date. Any 1.x server leaves you with every
connection tying up an entire process.
> mod_choke
Never heard of it.
> Nick, you ment
I'm using Apache 1.3.36. mod_choke is supposed to be able to limit the
number of connections per IP, but fails to do so for the reason
discussed earlier in this thread. mod_evasive, and anti-DoS tool, also
failed to stop the attack.
Nick, you mentioned that Apache 2.2 has built-in countermeasures
On Sunday 28 May 2006 19:23, Sergey Tsalkov wrote:
> This is very wrong. I can't figure out why Apache doesn't have any
> defense against such an obvious attack -- even the connection limiting
> modules can't help because they have no way of knowing that all the
> requests are coming from the same
On 5/28/06, Sergey Tsalkov <[EMAIL PROTECTED]> wrote:
This is very wrong. I can't figure out why Apache doesn't have any
defense against such an obvious attack -- even the connection limiting
modules can't help because they have no way of knowing that all the
requests are coming from the same IP
This has nothing to do with the server's ability to serve the content.
Heck, I can even reproduce the effect myself. If I simply run "telnet
localhost 80" from the server, a line like:
2-2 14313 0/3/52 R 0.024 3 0.0 0.010.09
? ? ..reading..
is
Error 408 means request timeout. Make sure your server isn't having an
issue serving the content.
If you can verify that it is an attack, then read the following; otherwise,
skip it.
While I will leave the Apache modding suggestions to the people here who are
sure to do so ... let me give you th
