httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ServerForge Administration <ad...@serverforge.net>
Subject Re: [users@httpd] DoS against apache
Date Mon, 30 Aug 2004 02:51:59 GMT
ok, I am reeeeeally feeling foolish right about now. I have been working 
on this problem for a few days now, and holding off on sending a message 
to a board like this because I also personally hate when people tell me 
that something is 'broken' and I should 'fix it' without researching the 
problem for themselves. Well lo and behold almost as soon as I hit send 
on the message I had a flash of inspiration.... the server is configured 
to rate limit syns.... so all that was happening was my firewalling was 
not allowing more than 10 syns per second, meaning a large number of 
connections were dropped. I turned off the syn rate limiting, and it 
sprang back to life suddenly. I'll go and beat myself up, you don't have 
to do it for me. sorry for wasting your time.

Chris Zakelj wrote:

> I can speculate that yet another w32 worm is in the process of 
> breaking, this one attempting to connect to an IRC server that you're 
> not running (NICK is an IRC command to set one's nickname).  My guess 
> is either the intended server used to have your IP address, or some 
> kiddie made a goof.  As for why your system is being floored by it, 
> you haven't told us what kind of hardware you've got, just your OS and 
> Apache versions.
>
> ServerForge Administration wrote:
>
>> 217.44.74.225 - - [29/Aug/2004:22:21:00 -0400] "NICK D3V1L-622283" 
>> 400 - "-" "-"
>>
>> My question really is does anyone know what this attack is, and does 
>> anyone know a better way to filter it... as 1kb a second of data 
>> should not be enough to floor apache.
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message