[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Urgent! Need help with abuse-detection and prevention

On Monday 10 May 2004 23.23, Peter Klein wrote:
> Hi guys,
> I've lately experienced excessive Apache-usage (to be clear: several
> hundered open connections in a very short time) to one of my servers.
> And I believe that FTP etc. are also subject to similar attacks. For
> Apache it resulted in problems that all processes were in state
> "reading" without actually doing anything ... a simple but efficient
> DOS for the httpd-process, that also caused it to die immediately.
> Can you give me any suggestions how to set up basic
> iptables-filtering-rules easily and how to prevent such abusive
> connections?

You can do something like
# iptables -A INPUT -m state --state NEW \
	-m limit --rate 5/s --limit-burst 50  -p tcp --dport www -j ACCEPT
# iptables -A INPUT -m state --state NEW -p tcp --dport www -j DENY

Be sure to adjust to your usual load. And of course, this will just 
prevent the load on the machine to go over the top, so that the 
requests that came through will be handled quickly. It will still let 
whoever wishes to DDOS your webserver for requests from the outside.

-- vbi

"Ho visto astronauti al ristorante chiedere il conto alla rovescia."
		-- Da it.hobby.umorismo

Attachment: pgphZkqLgDVHQ.pgp
Description: signature

Reply to: