Re: counter apache DoS attacks?

From: Duncan Patton a Campbell is Dhu (campbell@neotext.ca)
Date: 07/30/02 

From: "Duncan Patton a Campbell is Dhu" <campbell@neotext.ca>
To: Colin Faber <cfaber@fpsn.net>, Cyrus <cyrus@odsource.com>
Date: Mon, 29 Jul 2002 17:59:16 -0600

For this to work depends on some things. Is it always the same
boxes doing the requests? Same set of boxes? Also, if memory
is the problem, not band, there is some kind of apache setting
that causes the daemons to suicide and respawn after a
<parameter>
number of connections which frees up any memory leaked by
the process. It may be you have apache set up to not do this
(which is possible to do).

Duncan Patton a Campbell is Duibh ;-)

---------- Original Message -----------
From: Colin Faber <cfaber@fpsn.net>
To: Cyrus <cyrus@odsource.com>
Sent: Mon, 29 Jul 2002 12:09:30 -0600
Subject: Re: counter apache DoS attacks?

> ipfw add deny tcp from <ip/mask> to any 80
>
> ;-)
>
> Cyrus wrote:
> >
> > Several people get their jollies off by having differnet
servers
> > infinitely request my main page thousands of times each
therefore shooting
> > my memory to poo and a lot of bandwidth. But my problem is
the memory, not
> > the bandwidth. I've looked through mod_throttle and such,
not for me. Is
> > there anything out there that can automatically detect and
take an action
> > for this type of attack? I dunno...like use route on the
offenders IP and
> > such. But for it to do this automatically. Anyone have any
suggestions?
> > Thanks in advance.
> >
> > -Cyrus
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the
message
>
> --
> Colin Faber
> (303) 736-5160
> fpsn.net, Inc.
>
> * Black holes are where God divided by zero. *
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the
> message
------- End of Original Message -------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re: Apache doesnt free RAM
    ... After serving those requests Apache should free the allocated ... This apache process is using 100 MB memory ... Could it be PHP that is doing that? ...
    (comp.infosystems.www.servers.unix)
  • Re: ASP .NET poor performance. Memory going unused??
    ... 1315 context switches per second is a lot, especially on Windows 2003 server ... objects, again, effectively serializing your requests. ... create a lot of data in the memory the memory usage should be fairly static. ...
    (microsoft.public.dotnet.framework.performance)
  • Interpreting top, vmstat, and company
    ... wifi authentcation system. ... details, I'm running dhcpd, squid, and apache. ... I'm having a hard time accounting for the 3.8GB of inactive memory ... | 0 requests for sfbufs delayed ...
    (freebsd-questions)
  • Re: Memory fragmentation issue in kernel mode
    ... My direct I/O requests are asynchronous ones with 4 parallel ... Memory usage of the applications were looking normal. ... fragmentation, which is actually fragmentation of the system virtual ... application which will be accessing my device to test the driver. ...
    (microsoft.public.development.device.drivers)
  • Re: [00/17] Large Blocksize Support V3
    ... The number of requests that the driver can take is limited. ... I have a hard time believe that device hardware limits don't allow them ... date test on 32bit because the memory fragments faster. ... The bus pci/pcie/hypertransport already have block sizes below 4KB. ...
    (Linux-Kernel)