Re: Help Needed With DoS Attack

To: debian-user@lists.debian.org
Subject: Re: Help Needed With DoS Attack
From: koffiejunkie <koffiejunkielistlurker@koffiejunkie.za.net>
Date: Sun, 15 Jul 2007 13:59:37 +0100
Message-id: <[🔎] 469A1A39.0@koffiejunkie.za.net>
In-reply-to: <[🔎] 200707150751000608.00096F1D@smtp.yandex.ru>
References: <[🔎] 200707150751000608.00096F1D@smtp.yandex.ru>

Aenn Seidhe Priest wrote:

Hello,

a webserver is under attack.

What's required is some kind of filtering software and a firewall that
could do the following:

pass only valid HTTP GET requests and block all other HTTP methods (PUT,
OPTIONS, CONNECT, etc.), possibly validate HTTP GET requests by matching to
local paths;
optionally disable HTTP 1.1 requests;
block excessively long URLs;
have an extensions whitelist/blacklist;

I can't really help you with something that will do this automatically(although from what I've heard fail2ban might help).

The quickest way to nip a DOS in the butt is check your logs and netstat-ntap for the offending IP and do:


iptables -A INPUT -s <SOURCE_IP> -j DROP

With a DDOS this becomes more difficult, but usually the average DDOSerhave only so many zombies, and eventually you'll block them all.

Reply to:

Follow-Ups:
- Re: Help Needed With DoS Attack
  - From: "Aenn Seidhe Priest" <sidhepriest@yandex.ru>

References:
- Help Needed With DoS Attack
  - From: "Aenn Seidhe Priest" <sidhepriest@yandex.ru>

Prev by Date: Help Needed With DoS Attack
Next by Date: Re: debconf output
Previous by thread: Help Needed With DoS Attack
Next by thread: Re: Help Needed With DoS Attack
Index(es):
- Date
- Thread