Posted to dev@httpd.apache.org by Rodent of Unusual Size <Ke...@Golux.Com> on 2000/02/10 12:29:37 UTC
[Fwd: ** IMPORTANT IDEA **]
Acked. Didn't someone already do something in this wise,
in an access module or something?
--
#ken P-)}
Ken Coar <http://Golux.Com/coar/>
Apache Software Foundation <http://www.apache.org/>
"Apache Server for Dummies" <http://Apache-Server.Com/>
Come to the first official Apache Software Foundation
Conference! <http://ApacheCon.Com/>
Re: [Fwd: ** IMPORTANT IDEA **]
Posted by Martin Pool <mb...@linuxcare.com.au>.
On Thu, Feb 10, 2000 at 06:29:37AM -0500, Rodent of Unusual Size wrote:
> Acked. Didn't someone already do something in this wise,
> in an access module or something?
@ I'd like to suggest an idea.
@
@ Couldn't the Apache Web Server be modified so that the Web Server
@ itself would only accept "x" number of inbound packets per second from
@ a designated IP or something like that? i.e., Some sort of threshold
@ setting. I'd be more than happy to attempt to mod this fix assuming
@ someone can point me into the right direction or file to look through.
@ I believe this would eliminate the servers such as Amazon, EBay and
@ others that have been overwhelmed with attacks lately? Just a thought,
@ I think it may be possible to introduce such a fix/enhancement.
I don't want to be a wet blanket but in general that won't stop
TFN-style attacks. If you have 1GB/s heading for your server then the
pipe is going to saturate before Apache even gets a chance to see the
packets. If you're going to limit traffic that way then it has to be
done in a core router.
The other problem is that each of the individual attack slaves won't
be sending an unusually high amount of data: perhaps just a few kb/s
each. (If you're going to allow proxies for big ISPs the limit has to
be much higher.) The problem is that there are so many of them and they
don't stop.
This is a good summary:
http://www.cert.org/reports/dsit_workshop.pdf
--
Martin Pool, Technical Support Engineer, Linuxcare, Inc.
+61 2 6262 8990
mbp@linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
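The argument above, as an added model rather than anything from httpd or from either poster: a per-source packet-rate limiter of the kind proposed, run over a constructed single-source flood and a constructed distributed flood. Source counts, rates, packet size, threshold and link capacity are all assumed numbers; the limiter is placed where it can see every packet, which is the best case the reply says a web server never gets.

```python
"""Per-source rate limit vs. a distributed flood (added model, constructed data)."""
from collections import defaultdict


def per_source_limiter(packets, max_pps):
    """Drop a packet once its source exceeds max_pps within a one-second window.

    packets: list of (second, src_ip, size_bytes). Returns (accepted, dropped).
    """
    seen = defaultdict(int)  # (second, src_ip) -> packets seen so far
    accepted, dropped = [], []
    for sec, src, size in packets:
        seen[(sec, src)] += 1
        (dropped if seen[(sec, src)] > max_pps else accepted).append((sec, src, size))
    return accepted, dropped


def link_load_bps(packets, second):
    """Bits that the accepted packets put on the link during one second."""
    return sum(size * 8 for sec, _, size in packets if sec == second)


def simulate(n_sources, pps_each, pkt_bytes, max_pps, link_bps):
    """Constructed one-second flood: n_sources hosts, each sending pps_each packets.

    Source addresses are synthetic 10.0.x.y values, unique per host.
    """
    packets = [(0, f"10.0.{i >> 8}.{i & 255}", pkt_bytes)
               for i in range(n_sources) for _ in range(pps_each)]
    accepted, dropped = per_source_limiter(packets, max_pps)
    load = link_load_bps(accepted, 0)
    return {"dropped": len(dropped), "accepted_bps": load, "saturated": load > link_bps}


if __name__ == "__main__":
    link = 100_000_000  # assumed 100 Mb/s uplink
    # One loud source: the per-IP threshold catches it.
    print("single source:", simulate(1, 20_000, 1500, max_pps=50, link_bps=link))
    # 2000 sources each at 10 pps, all under the threshold: nothing is dropped,
    # yet the aggregate is 240 Mb/s and the link is saturated anyway.
    print("distributed:  ", simulate(2000, 10, 1500, max_pps=50, link_bps=link))
```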