dprundle
asked on
Http apache denial of service
I have recently been getting attacked by a Denial of Service on my linux web server. The person doing this is opening a lot of http connections to my web server which runs my cpu up to 90% - 100%.
My question is: How can I prevent this besides waiting for it to happen and blocking the IP in iptables?
and #2: What DoS tool can I download to simulate this attack so that I can further analyze it to help prevent it?
ASKER
what does that iptables actually mean?
I think you would be better off with using something like http://blog.medialayer.com/projects-ddos-deflate/ than hacking iptables yourself.
The download page is at: http://www.inetbase.com/scripts/ddos/
ASKER
I know how to configure IPTABLEs I was just uncertain of what that iptables command did.
> I have recently been getting attacked by a Denial of Service on my linux web server. The person doing this is opening a lot of http connections to my web server which runs my cpu up to 90% - 100%.
That's not necessarily a DoS attack. That may be a web crawler bot from Yahoo, Google or another indexing service. If you turn on Referer and User-agent logging, you may analyze your access_log and see whether it is a robot or a person. For robots you may restrict access with a robots.txt file. High CPU load may be a result of poorly written dynamic applications (PHP, Perl or whatever you use).
> I know how to configure IPTABLEs I was just uncertain of what that iptables command did.
man iptables, search --limit-burst
ASKER CERTIFIED SOLUTION
iptables -I FORWARD -d (your server) -p tcp --syn -m state --state NEW \
    -m limit --limit 50/s --limit-burst 100 -j ACCEPT
Also, a good number of tips on DOS-attacks is at: http://httpd.apache.org/docs/trunk/misc/security_tips.html
#2: you can simulate that attack using ab (Apache Benchmark), setting the -c (concurrency) parameter to the number of connections you want to establish. This utility is part of the Apache package on many Linux distros.
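What `--limit 50/s --limit-burst 100` in the rule above does to incoming SYNs, as an added Python sketch that is not part of the original thread: it models the limit match as one token bucket that starts full, and replays constructed traffic through it. The function name, the integer credit scale and the sample addresses are assumptions made for the illustration.

```python
from collections import Counter

COST = 1000  # credits one matching packet consumes; refill is `rate_per_s` credits per ms


def limit_match(packets, rate_per_s=50, burst=100):
    """Replay (time_ms, source) packets through a single limit rule.

    Returns two Counters keyed by source address: packets that matched the
    rule (and would hit -j ACCEPT) and packets that fell through it.
    """
    cap = burst * COST
    credit, last_ms = cap, None  # the bucket starts full
    matched, fell_through = Counter(), Counter()
    for t_ms, src in sorted(packets, key=lambda p: p[0]):
        if last_ms is not None:
            # Refill for the elapsed time, never above the burst size.
            credit = min(cap, credit + (t_ms - last_ms) * rate_per_s)
        last_ms = t_ms
        if credit >= COST:
            credit -= COST
            matched[src] += 1
        else:
            fell_through[src] += 1  # left to the next rule or the chain policy
    return matched, fell_through


# Constructed traffic; addresses come from the RFC 5737 documentation ranges.
FLOOD = [(ms, "203.0.113.7") for ms in range(1000)]  # 1000 SYNs in one second
VISITOR = [(510, "198.51.100.20")]  # one ordinary client during the flood
QUIET = [(ms, "198.51.100.20") for ms in range(0, 5000, 50)]  # 20 SYN/s for 5 s

if __name__ == "__main__":
    for name, pkts in (("quiet", QUIET), ("flood", FLOOD + VISITOR)):
        ok, rest = limit_match(pkts)
        print(name, "matched:", dict(ok), "fell through:", dict(rest))
```

The bucket is shared by every source, so the ordinary client's SYN at 510 ms falls through together with the flood's excess. Because the rule's target is ACCEPT, packets over the limit are only dropped if a later rule or the chain policy drops them.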