httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Conner <...@conman.org>
Subject Re: [users@httpd] Connection flood: how to protect?
Date Tue, 14 Apr 2009 20:13:38 GMT
It was thus said that the Great Kanstantin Reznichak once stated:
> Hello,
> 
> Thank you for reply. Unfortunately, mod-limitipconn seems to act too late.
> After installing and enabling it:
> <Location />
>   MaxConnPerIP 15
> </Location>
> 
> Netstat shows:
> # netstat -atn
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
> tcp        0      0 (MY-SERVER-IP):80       (ATTACKER-IP):3930      SYN_RECV
> tcp        0      0 (MY-SERVER-IP):80       (ATTACKER-IP):3316      SYN_RECV
> tcp        0      0 (MY-SERVER-IP):80       (ATTACKER-IP):4147      SYN_RECV
> tcp        0      0 (MY-SERVER-IP):80       (ATTACKER-IP):3854      SYN_RECV
> tcp        0      0 (MY-SERVER-IP):80       (ATTACKER-IP):1500      SYN_RECV

  That's a SYN flood, and I've been on the receiving end of those, and I've
wrote about what I did to reduce the problem under Linux.

	http://boston.conman.org/2005/08/11.2 (summary of the link below)
	http://boston.conman.org/2004/01/04.2

  Hopefully, some of that is helpful to you.

  -spc


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message