perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ask Bjoern Hansen <...@develooper.com>
Subject Re: Strategy against 'trivial' DOS attacks?
Date Mon, 12 May 2003 16:23:49 GMT

On Wednesday, May 7, 2003, at 17:15 America/Los_Angeles, Gerd Knops 
wrote:

> Lately one of our servers has been subjected to a very trivial but 
> effective DOS attack: The attacker would simply open sessions (aka 
> telnet <server> 80) and not send any data. By default an apache child 
> would sit for 300 seconds and effectively be blocked. Just a handful 
> of those, and all available apache instances are blocked. The attacker 
> doesn't even need a high bandwidth pipe to do this. Even if the 
> timeout is reduced, it still doesn't need much to block the server.
>
> So how does one defend against this? Is there a (simple) mod-perl way 
> of detecting timed out sessions, then blocking the involved IP? It 
> needs to be simple and not require external hardware, as I have to 
> replicate it over several dozen (non-clustered) servers.

I too would make the suggestion of having many proxy processes/threads 
in front of your mod_perl processes.

FreeBSD has an optional feature that makes it only send the request to 
the httpd when it has the full HTTP request. It breaks HTTP/0.9, but it 
would make the attack you mention much harder to carry out.


  - ask

-- 
http://www.askbjoernhansen.com/


Mime
View raw message