LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page http dos attack
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-07-2012, 06:35 AM   #1
packets
Member
 
Registered: Oct 2005
Posts: 339

Rep: Reputation: 32
http dos attack

I have a running apache server and I notice that the load of the server is quite HIGH. I just discovered that there are lots of GET query on the access log. It seems there are 5-10 get every seconds and this came from different ip address. I tried to put iptables and put the ff:

Code:
iptables -N syn_flood
iptables -A INPUT -p tcp --syn -j syn_flood
iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A syn_flood -j DROP

iptables -I INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -m recent --set -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
This work but the access on the apache also slows down.

Any suggestions on this brute force attack?
 
Old 03-07-2012, 07:44 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781
It looks like from your iptables entries you are using two methods: connection rate limit and syn packet limits. You really should try to find evidence of the exact mechanism being applied so that you can tailor your solution. Based on the idea that these are full fledged GET requests, you might want to consider adding mod_evasive. See the following for a little more information: http://www.zdziarski.com/blog/?page_id=442
 
Old 03-07-2012, 07:46 AM   #3
packets
Member
 
Registered: Oct 2005
Posts: 339

Original Poster
Rep: Reputation: 32
@Noway2

After researching, I bump to mod_evasive and will install it later.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Prevent DNS DoS attack vikas027 Linux - Software 5 05-31-2010 11:39 PM
DoS attack? port 22 templeton Linux - Security 1 11-11-2008 03:48 PM
is this a Dos Attack?? xtremeclones Linux - Security 8 09-27-2006 01:40 AM
detecting a DOS attack ignus Linux - Security 4 07-29-2004 02:17 PM
Are we under DOS attack? sarmadys Linux - Security 2 02-06-2002 09:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:07 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration