
Re: Urgent! Need help with abuse-detection and prevention



On Monday 10 May 2004 23.23, Peter Klein wrote:
> Hi guys,
>
> I've lately experienced excessive Apache-usage (to be clear: several
> hundred open connections in a very short time) to one of my servers.
> And I believe that FTP etc. are also subject to similar attacks. For
> Apache it resulted in problems that all processes were in state
> "reading" without actually doing anything ... a simple but efficient
> DOS for the httpd-process, that also caused it to die immediately.
>
> Can you give me any suggestions how to set up basic
> iptables-filtering-rules easily and how to prevent such abusive
> connections?

You can do something like
# iptables -A INPUT -m state --state NEW \
	-m limit --limit 5/s --limit-burst 50  -p tcp --dport www -j ACCEPT
# iptables -A INPUT -m state --state NEW -p tcp --dport www -j DROP

Be sure to adjust to your usual load. And of course, this will just 
prevent the load on the machine from going over the top, so that the 
requests that came through will be handled quickly. It will still let 
whoever wishes to do so DDOS your webserver for requests from the outside.

greetings
-- vbi

-- 
"I have seen astronauts at the restaurant asking for the bill in countdown."
		-- From it.hobby.umorismo
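
Added example, not part of the original message: a simplified integer token-bucket model of the limit match used in the reply (5 per second, burst 50), which keeps one bucket per rule rather than one per client. The traffic is constructed, and the names "visitors" and "flood" are assumptions for illustration; it shows why the rule pair caps server load but still lets a flood crowd out normal requests.

```python
# Added illustration (not from the thread): simplified integer token-bucket
# model of "-m limit" with 5 per second and a burst of 50. Traffic is constructed.

class LimitMatch:
    """One shared bucket for the whole rule, as with iptables' limit match."""
    def __init__(self, per_second, burst):
        self.cost = 1000 // per_second   # ms of credit that one packet costs
        self.cap = burst * self.cost     # a full bucket pays for `burst` packets
        self.credit = self.cap
        self.last = 0

    def matches(self, t_ms):
        # Credit refills with elapsed time, up to the burst cap.
        self.credit = min(self.cap, self.credit + (t_ms - self.last))
        self.last = t_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True                  # first rule matches: ACCEPT
        return False                     # falls through to the second rule: DROP


def simulate(events, per_second=5, burst=50):
    """events: iterable of (t_ms, source). Returns {source: (sent, accepted)}."""
    bucket = LimitMatch(per_second, burst)
    stats = {}
    for t_ms, src in sorted(events):
        sent, ok = stats.get(src, (0, 0))
        stats[src] = (sent + 1, ok + bucket.matches(t_ms))
    return stats


# Constructed 10-second sample: regular visitors open 4 new connections/s,
# a flood opens 200 new connections/s.
VISITORS = [(102 + 250 * k, "visitors") for k in range(40)]
FLOOD = [(5 * k, "flood") for k in range(2000)]


def quiet():
    return simulate(VISITORS)


def under_flood():
    return simulate(VISITORS + FLOOD)


if __name__ == "__main__":
    print("quiet:      ", quiet())
    print("under flood:", under_flood())
```

Accepted connections never exceed the burst plus 5 per second, but once the burst is spent the flood takes nearly every refilled slot.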
