tomcat-users mailing list archives

From Brantley Hobbs <sbho...@uga.edu>
Subject Re: Stop Hack attack
Date Fri, 03 Oct 2008 12:09:57 GMT
Mark Thomas wrote:
> Karthik Nanjangude wrote:
>   
>> Hi
>>
>> SPEC ( Single box)
>> O/s : Unix 11
>> J2sdk  : 1.6
>> DB : Oracle10g
>> TOMCAT 6.0.18.0
>> RAM  16 GB
>>
>>
>>
>> A normal WEB application [ User id / Passwd for AAA ] on the following spec  is successfully running LIVE  [  non  clustered mode  ]
>>
>> Question :  Some hacker is trying to bring the System down by polling the sending continuous  HTTP request  very frequently [ We logged the client IP  address],
>>                  The WEB application cannot be configured to HTTPS (Client disapproval)
>>                  Is there any way within tomcat design to prevent the same from malicious attack?
>>     
>
> You can limit the impact on Tomcat by blocking them with a Remote Address
> Filter (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html)
>
> However, the earlier you can block them the better. If you can block that
> IP at a firewall before they get to your box that would be better. Failing
> that block the IP with iptables (or the equivalent on your platform) on the
> server.
>
> HTH,
>
> Mark
>   
Mark is right.  In any case, SSL wouldn't even slow this kind of attack
down; it's only encryption... not authentication.  SSL will actually
make it slightly worse since Tomcat has to work harder to decrypt and
encrypt the traffic.  Filtering by IP is a good solution here, but if
this is your first publicly exposed website be prepared:  This happens
all the time, and the client IPs will be wildly different... you can't
possibly filter them all.  You might consider a good IPS between you and
the Internet at large.  One example of a good free solution is
Untangle.  You can buy support as well if it makes you more
comfortable.  There are also dedicated "appliances" for this as well.

Brantley
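
An added example, not part of the original thread: one way to turn the logged client IPs into the blocks Mark describes, by finding addresses that exceed a request rate in the access log and emitting a Tomcat 6 Remote Address Filter element plus matching iptables drops. The log lines, the threshold of 5 requests per 2 seconds, and the function names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the AccessLogValve "common" pattern (%h %l %u %t "%r" %s %b).
SAMPLE_LOG = (
    ['192.0.2.10 - - [03/Oct/2008:12:00:0%d +0000] "GET /login HTTP/1.1" 200 512' % (i // 4)
     for i in range(8)]      # 8 requests inside two seconds
    + ['198.51.100.7 - - [03/Oct/2008:12:0%d:00 +0000] "GET /index.jsp HTTP/1.1" 200 2048' % i
       for i in range(3)]    # 1 request per minute
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ')

def flag_flooders(lines, max_requests=5, window=timedelta(seconds=2)):
    """Return sorted client IPs that exceeded max_requests within any sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # ignore lines that do not parse
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop requests older than the window
        if len(q) > max_requests:
            flagged.add(ip)
    return sorted(flagged)

def valve_deny(ips):
    """Build a RemoteAddrValve element; Tomcat 6 takes comma-separated regex patterns."""
    patterns = ",".join(re.escape(ip) for ip in ips)
    return ('<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="%s"/>'
            % patterns)

def iptables_rules(ips):
    """Equivalent host-level drops, for blocking before the request reaches Tomcat."""
    return ["iptables -I INPUT -s %s -j DROP" % ip for ip in ips]

if __name__ == "__main__":
    offenders = flag_flooders(SAMPLE_LOG)
    print(valve_deny(offenders))
    print("\n".join(iptables_rules(offenders)))
```

As Brantley notes, a per-IP list like this stops scaling once the source addresses vary widely, which is where an upstream IPS takes over.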


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

