perl-modperl mailing list archives

From Gerd Knops <ge...@bitart.com>
Subject Strategy against 'trivial' DOS attacks?
Date Thu, 08 May 2003 00:15:45 GMT
Hi,

Lately one of our servers has been subjected to a very trivial but 
effective DOS attack: The attacker would simply open sessions (aka 
telnet <server> 80) and not send any data. By default an apache child 
would sit for 300 seconds and effectively be blocked. Just a handful of 
those, and all available apache instances are blocked. The attacker 
doesn't even need a high bandwidth pipe to do this. Even if the timeout 
is reduced, it still doesn't need much to block the server.

So how does one defend against this? Is there a (simple) mod-perl way 
of detecting timed out sessions, then blocking the involved IP? It 
needs to be simple and not require external hardware, as I have to 
replicate it over several dozen (non-clustered) servers.

Any ideas?

Thanks

Gerd
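
One way to do the detection step asked about above, shown as an added example that is not part of the original message: a log scan that counts, per client IP, connections that timed out without ever sending a request. It assumes the server writes such a connection to its access log in Common Log Format with request "-" and status 408; the function name, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format prefix: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def idle_timeout_offenders(lines, threshold=3, window=timedelta(minutes=10)):
    """Return {ip: peak} for clients whose request-less 408 entries inside any
    sliding `window` reach `threshold` (both defaults are assumed values)."""
    recent = defaultdict(deque)  # ip -> timeout timestamps still inside the window
    peak = defaultdict(int)      # ip -> largest count seen in any window
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, request, status = m.groups()
        # Assumption: a timeout before any request line is logged as "-" 408.
        if status != "408" or request != "-":
            continue
        when = datetime.strptime(stamp, TIME_FMT)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop timeouts older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/May/2003:00:01:00 +0000] "-" 408 -',
    '198.51.100.4 - - [08/May/2003:00:01:30 +0000] "GET / HTTP/1.0" 200 1043',
    '203.0.113.7 - - [08/May/2003:00:02:10 +0000] "-" 408 -',
    '198.51.100.4 - - [08/May/2003:00:03:00 +0000] "-" 408 -',
    '203.0.113.7 - - [08/May/2003:00:04:45 +0000] "-" 408 -',
    '203.0.113.7 - - [08/May/2003:00:05:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.9 - - [08/May/2003:00:06:00 +0000] "-" 408 -',
    '192.0.2.9 - - [08/May/2003:01:30:00 +0000] "-" 408 -',
    '192.0.2.9 - - [08/May/2003:03:00:00 +0000] "-" 408 -',
]

if __name__ == "__main__":
    for ip, n in sorted(idle_timeout_offenders(SAMPLE_LOG).items()):
        print(f"{ip}: {n} idle timeouts within window")
```

The returned addresses are candidates for whatever blocking mechanism the server already has. The scan expects log lines in chronological order, and a single slow client produces only an occasional 408, which is why the count is taken over a window rather than per entry.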

