perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: Strategy against 'trivial' DOS attacks?
Date Thu, 08 May 2003 00:51:54 GMT
Gerd Knops wrote:
> Hi,
> 
> Lately one of our servers has been subjected to a very trivial but 
> effective DOS attack: The attacker would simply open sessions (aka 
> telnet <server> 80) and not send any data. By default an apache child 
> would sit for 300 seconds and effectively be blocked. Just a handful of 
> those, and all available apache instances are blocked. The attacker 
> doesn't even need a high bandwidth pipe to do this. Even if the timeout 
> is reduced, it still doesn't need much to block the server.
> 
> So how does one defend against this? Is there a (simple) mod-perl way of 
> detecting timed out sessions, then blocking the involved IP? It needs to 
> be simple and not require external hardware, as I have to replicate it 
> over several dozen (non-clustered) servers.
> 
> Any ideas?

Since they send nothing at all, you can't possibly provide a mod_perl 
solution, since mod_perl is not going to be invoked at all.

Try lowering the timeout:
http://httpd.apache.org/docs/mod/core.html#timeout
though read the warning in that section.

I think there are many non-Apache tools exist to prevent this kind of attacks, 
because it's a generic attack of opening the connection and doing nothing.

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com


Mime
View raw message