Denial of webserving attack prevention! - Unix


  1. Denial of webserving attack prevention!

    If someone is running, say, ab on my computer to prevent Apache from
    serving other requests, how do I block them? ie. it has to cut off that
    computer if too many requests are received in too short a span of time.

    How?

    Thanks,


  2. Re: Denial of webserving attack prevention!

    On Mon, 02 May 2005 14:57:18 -0700, themf wrote:

    > If someone is running, say, ab on my computer to prevent Apache from
    > serving other requests, how do I block them? ie. it has to cut off that
    > computer if too many requests are received in too short a span of time.
    >
    > How?


    Many firewalls have the option to limit the number of concurrent
    connections from an IP or a netblock. For Linux, have a look at connlimit.

    M4
    --
    Redundancy is a great way to introduce more single points of failure.
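
Added example, not part of the thread: the connlimit suggestion above written out as iptables rules, one per source address (/32) and one per netblock (/24). The port and both limits are assumed values to tune; the script only prints the rules unless APPLY=1 is set (which requires root).

```shell
#!/bin/sh
# Added example: per-IP and per-netblock connection caps with the iptables
# connlimit match. Port and limits below are assumptions, not thread values.
PORT=${PORT:-80}
PER_IP=${PER_IP:-20}      # max concurrent connections from one address
PER_NET=${PER_NET:-100}   # max concurrent connections from one /24

# valid_uint N: succeed only if N is a positive decimal integer.
valid_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) [ "$1" -gt 0 ] ;;
    esac
}

# connlimit_rule PORT LIMIT MASK: print one iptables command, or fail if any
# argument is not a sane number (keeps stray shell text out of the rule).
connlimit_rule() {
    valid_uint "$1" && valid_uint "$2" && valid_uint "$3" || return 1
    [ "$1" -le 65535 ] && [ "$3" -le 32 ] || return 1
    # --syn: only new connection attempts are matched; established ones stay up.
    printf 'iptables -A INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask %s -j REJECT --reject-with tcp-reset\n' "$1" "$2" "$3"
}

# build_ruleset: the single-address rule first, then the wider netblock rule.
build_ruleset() {
    connlimit_rule "$PORT" "$PER_IP" 32 &&
    connlimit_rule "$PORT" "$PER_NET" 24
}

rules=$(build_ruleset) || { echo "invalid port or limit" >&2; exit 1; }
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | sh -e    # applies the rules; needs root
else
    printf '%s\n' "$rules"            # dry run: review before applying
fi
```

connlimit counts concurrent tracked connections, not requests per second, so a client that reuses a few keep-alive connections for many requests is not capped by these rules.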


  3. Re: Denial of webserving attack prevention!

    > Many firewalls have the option to limit the number of concurrent
    > connections from an IP or a netblock. For Linux, have a look at
    > connlimit.

    Any way to get Apache to do it directly?


  4. Re: Denial of webserving attack prevention!

    On 2005-05-02, themf@graffiti.net wrote:
    > If someone is running, say, ab on my computer to prevent Apache from
    > serving other requests, how do I block them? ie. it has to cut off that
    > computer if too many requests are received in too short a span of time.
    >
    > How?
    >


    If they are running "ab" on your computer you might want to seriously
    think about removing that user from your computer. If they are doing
    malicious stuff they are obviously someone that you don't want around.

    --

    ( When in doubt, use brute force. -- Ken Thompson 1998 )

  5. Re: Denial of webserving attack prevention!

    > If they are running "ab" on your computer you might want to seriously
    > think about removing that user from your computer. If they are doing
    > malicious stuff they are obviously someone that you don't want around.

    Er - the guy running ab is on ANOTHER computer, not mine!


  6. Re: Denial of webserving attack prevention!

    On Tue, 03 May 2005 18:37:34 -0700, themf wrote:

    >> Many firewalls have the option to limit the number of concurrent
    >> connections from an IP or a netblock. For Linux, have a look at
    >> connlimit.
    >
    > Any way to get Apache to do it directly?


    Not afaik. Maybe the situation has changed, but when I looked into it
    several years ago, there was no Apache-only solution. But you might want
    to browse the modules list at www.apache.org to see if there is anything
    suitable nowadays. (And let us know if you find something).

    M4
    --
    Redundancy is a great way to introduce more single points of failure.


  7. Re: Denial of webserving attack prevention!

    On Sat, 07 May 2005 17:14:41 +0200, Martijn Lievaart wrote:
    > On Tue, 03 May 2005 18:37:34 -0700, themf wrote:
    >
    >>> Many firewalls have the option to limit the number of concurrent
    >>> connections from an IP or a netblock. For Linux, have a look at
    >>> connlimit.
    >>
    >> Any way to get Apache to do it directly?
    >
    > Not afaik, maybe the situation changed but when I looked into it several
    > years ago, there was no apache only solution. But you might want to browse
    > the modules list at www.apache.org to see if there is anything suitable
    > nowadays. (And let us know if you find something).

    Pretty sure you can change what content is sent to which client
    by IP address, and am I imagining a mod_throttle or did I read about
    it once? Thought it was for this.

    There's an apache webserver newsgroup, this question might be in
    their FAQ. Apache.org's docs are also excellent with a good search
    engine. The words "deny" or "throttle" might be helpful for the search.

    Dave Hinz


  8. Re: Denial of webserving attack prevention!

    On Thu, 05 May 2005 06:40:12 -0700, themf wrote:

    >> If they are running "ab" on your computer you might want to seriously
    >> think about removing that user from your computer. If they are doing
    >> malicious stuff they are obviously someone that you don't want around.
    >
    > Er - the guy running ab is on ANOTHER computer, not mine!

    That's understood :-)

    And that's another reason to act at the kernel/firewall level instead of
    at the server/userspace level, where it can be pretty much too late.

    That doesn't stop you from setting further user rules at the Apache level,
    but I think it's better to stop the possible deep attacks as soon as
    possible, i.e. use the advice given by Martijn :-)
