perl-modperl mailing list archives

From Perrin Harkins <per...@elem.com>
Subject Re: Strategy against 'trivial' DOS attacks?
Date Mon, 12 May 2003 19:33:59 GMT
On Mon, 2003-05-12 at 15:12, Stathy G. Touloumis wrote:
> http://freshmeat.net/projects/mod_dosevasive/?topic_id=43
> 
> This module can probably handle what is being asked.

Again, this is not a problem of request volume.  The attacker is just
opening a telnet connection to the server and sitting there.  Apache
modules will not get invoked at all.

This module is basically the same as mod_throttle.  I've done a custom
approach to this with mod_perl, using file storage based on one of
Randal's columns.  It was better than either of these because it worked
on a whole cluster using NFS and handled proxy servers (which appear as
a flood from one IP) by allowing cookie-based blocking.

Take a look at Randal's column to get some ideas of what can be done:
http://www.stonehenge.com/merlyn/LinuxMag/col17.html

For the problem described in this thread though, I think the timeout
option in apache and some iptables hacking are the only defense.

- Perrin
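
The message above notes that a client which connects and then sends nothing never reaches an Apache module, so request-counting throttles cannot see it. The socket table can: the following is an added example, not code from the post or from any project it mentions, that counts established connections per peer on the web port. It assumes input in the format printed by `ss -tn`; the sample lines, addresses and the limit are constructed.

```python
from collections import Counter

# Constructed sample in the layout printed by `ss -tn`.
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      192.0.2.10:80        198.51.100.7:40112
ESTAB     0      0      192.0.2.10:80        198.51.100.7:40113
ESTAB     0      0      192.0.2.10:80        198.51.100.7:40114
ESTAB     0      0      192.0.2.10:80        198.51.100.7:40115
ESTAB     0      0      192.0.2.10:22        198.51.100.7:51000
ESTAB     0      0      192.0.2.10:80        203.0.113.5:33001
TIME-WAIT 0      0      192.0.2.10:80        203.0.113.5:33002
ESTAB     0      0      [2001:db8::1]:80     [2001:db8::9]:52000
ESTAB     0      0      [2001:db8::1]:80     [2001:db8::9]:52001
"""


def count_peers(ss_text, port=80):
    """Count ESTAB connections to local `port`, grouped by peer address."""
    counts = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        # Skips the header, blank lines and any non-established state.
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        # rsplit keeps IPv6 addresses intact: the port follows the last colon.
        _, local_port = fields[3].rsplit(":", 1)
        if local_port != str(port):
            continue
        peer_host = fields[4].rsplit(":", 1)[0].strip("[]")
        counts[peer_host] += 1
    return counts


def over_limit(counts, limit):
    """Return (peer, connections) pairs above `limit`, busiest first."""
    flagged = [(host, n) for host, n in counts.items() if n > limit]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    # A high count is a lead, not proof: as the message says, a proxy
    # also shows up as many connections from a single IP.
    for host, n in over_limit(count_peers(SAMPLE), limit=3):
        print(f"{host} holds {n} established connections to port 80")
```
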
