perl-modperl mailing list archives

From Perrin Harkins <per...@elem.com>
Subject Re: Strategy against 'trivial' DOS attacks?
Date Mon, 12 May 2003 22:38:13 GMT
On Mon, 2003-05-12 at 18:25, mod_perl@att.net wrote:
> I then searched the Apache module list. There is a patch to create a "Connection
> Timeout" directive for Apache. Unlike the built-in Timeout, it checks only at the
> initial connection circle. The patch works fine with Apache 1.23. I set
> Connection Timeout to 5 seconds, and it works fine (with 1024 MaxClients).

That sounds like a good approach.  Ideally, you would also log the IP of
offending clients here, so you can block them with iptables. 
Incidentally, this could probably be done entirely in Perl with mod_perl
2.

> I am afraid that some legitimate slow modem users may be blocked too, because
> they do need more than 5 seconds to connect. Right?

Possible, but 5 seconds is pretty long unless you have significant
traffic from international sources with poor connectivity.

> I also looked at iptables. But there seems to be no straightforward solution to
> this. I am thinking about dumping an IP list every 5 minutes or so for a whole 24
> hours, so as to find the IP number(s), and then block them in the first place
> using iptables.

Good idea.  You could automate this so that any client that makes more
than a certain number of connections at once gets cut off.  Have you
already checked manually to be sure it isn't just one guy on a DSL line
doing this?

- Perrin
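The two ideas in this exchange (periodically dumping the connection table to find the IP numbers, and automatically cutting off any client holding more than some number of connections at once) can be scripted. The following is an added example, not code from either poster: it takes a netstat-style snapshot of foreign addresses (the sample below is constructed, standing in for `netstat -tn | awk '{print $5}'` taken every few minutes), counts connections per client IP, and prints an iptables DROP rule for each IP over a threshold rather than executing it, so the list can be reviewed before anything is blocked. The threshold value and the one-rule-per-IP form are assumptions; as Perrin notes, check first that a heavy address is not a single user (or a NAT gateway) on a DSL line.

```shell
#!/bin/sh
# Added example (not from the thread): find clients with too many concurrent
# connections in a netstat-style snapshot and emit iptables DROP rules for them.

# Constructed sample snapshot: the "Foreign Address" column of `netstat -tn`,
# one ip:port per line (IPv4 only, as in the 2003 setup under discussion).
SAMPLE_SNAPSHOT='192.0.2.10:51234
192.0.2.10:51235
192.0.2.10:51236
192.0.2.10:51237
198.51.100.7:40001
203.0.113.5:33000
203.0.113.5:33001'

# offenders THRESHOLD: read ip:port lines on stdin, print each IP that holds
# more than THRESHOLD connections (one IP per line, sorted).
offenders() {
    threshold="$1"
    sed 's/:[0-9]*$//' |            # drop the :port suffix
        sort | uniq -c |            # "<count> <ip>" per distinct IP
        awk -v t="$threshold" '$1 > t { print $2 }'
}

# block_rules: turn each IP on stdin into an iptables DROP rule. The rule is
# printed, not run, so an operator can review it (and whitelist) first.
block_rules() {
    while read -r ip; do
        [ -n "$ip" ] || continue
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# Stand-alone run: threshold of 3 concurrent connections (assumed value).
printf '%s\n' "$SAMPLE_SNAPSHOT" | offenders 3 | block_rules
```

Run as a cron job against a live `netstat -tn` snapshot, the same pipeline logs the offending IPs for the "dump every 5 minutes" survey; piping the printed rules into `sh` would be the automated cut-off once the threshold has been tuned against real traffic.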
