Old 03-07-2012, 06:35 AM   #1
Registered: Oct 2005
Posts: 321

Rep: Reputation: 32
http dos attack

I have a running Apache server and I notice that the load of the server is quite high. I just discovered that there are lots of GET queries in the access log. It seems there are 5-10 GETs every second, and these come from different IP addresses. I tried to set up iptables and put in the following:

iptables -N syn_flood
iptables -A INPUT -p tcp --syn -j syn_flood
iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A syn_flood -j DROP

iptables -I INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -m recent --set -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
This works, but access to Apache also slows down.

Any suggestions on this brute force attack?
Old 03-07-2012, 07:44 AM   #2
Senior Member
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778
From your iptables entries, it looks like you are using two methods: connection rate limiting and SYN packet limits. You really should try to find evidence of the exact mechanism being applied so that you can tailor your solution. Based on the idea that these are full-fledged GET requests, you might want to consider adding mod_evasive. See the following for a little more information:
Old 03-07-2012, 07:46 AM   #3
Registered: Oct 2005
Posts: 321

Original Poster
Rep: Reputation: 32

After researching, I bumped into mod_evasive and will install it later.
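
Added example, not part of the original thread: one way to gather the evidence reply #2 asks for is to profile the GET traffic in the access log and check how much of it a per-IP limit such as the posted --hitcount 5 --seconds 60 rule would actually reach. The log lines are constructed, the function names are hypothetical, and the script assumes Apache common/combined log format and treats one request as one hit.

```python
import re
from collections import Counter
from datetime import datetime

# Apache common/combined log prefix: client, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def profile(lines, per_ip_limit=5, window=60):
    """Summarise GET traffic and test it against a per-IP limit.
    Fixed time buckets approximate the sliding window of the 'recent' match."""
    per_second, per_ip_window, ips, paths = Counter(), Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "GET":
            continue  # skip unparsable lines and non-GET requests
        ip, ts, _method, path, _status = m.groups()
        epoch = int(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp())
        per_second[epoch] += 1
        per_ip_window[(ip, epoch // window)] += 1
        ips[ip] += 1
        paths[path] += 1
    total = sum(ips.values())
    # Clients that exceed the limit in at least one window.
    over = {ip for (ip, _), n in per_ip_window.items() if n > per_ip_limit}
    covered = sum(n for ip, n in ips.items() if ip in over)
    return {
        "total_gets": total,
        "distinct_ips": len(ips),
        "peak_per_second": max(per_second.values(), default=0),
        "ips_over_limit": sorted(over),
        # Fraction of all GETs sent by clients a per-IP limit would catch.
        "share_from_ips_over_limit": covered / total if total else 0.0,
        "top_path": paths.most_common(1)[0] if paths else None,
    }

def constructed_sample():
    """Constructed data: 40 clients sending 2 GETs each, plus one noisy client."""
    fmt = '{ip} - - [07/Mar/2012:06:30:{s:02d} -0500] "GET {p} HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{i}", s=(i + k) % 5, p="/index.php")
             for i in range(1, 41) for k in range(2)]
    lines += [fmt.format(ip="203.0.113.9", s=k % 5, p="/login.php")
              for k in range(12)]
    return lines

if __name__ == "__main__":
    for key, value in profile(constructed_sample()).items():
        print(f"{key}: {value}")
```

On the constructed sample only about 13% of the GETs come from a client over the limit, which is the pattern where per-IP rules barely reduce load; a high share would point toward per-IP limits or mod_evasive being effective.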

