On 15.07.2007 at 13:59 koffiejunkie wrote:

>Aenn Seidhe Priest wrote:
>> Hello,
>>
>> a webserver is under attack.
>>
>> What's required is some kind of filtering software and a firewall that
>> could do the following:
>>
>> pass only valid HTTP GET requests and block all other HTTP methods (PUT,
>> OPTIONS, CONNECT, etc.), possibly validate HTTP GET requests by matching to
>> local paths;
>> optionally disable HTTP 1.1 requests;
>> block excessively long URLs;
>> have an extensions whitelist/blacklist;
>
>I can't really help you with something that will do this automatically
>(although from what I've heard fail2ban might help).
>
>The quickest way to nip a DOS in the butt is check your logs and netstat
>-ntap for the offending IP and do:
>
>iptables -A INPUT -s <SOURCE_IP> -j DROP
>
>With a DDOS this becomes more difficult, but usually the average DDOSer
>has only so many zombies, and eventually you'll block them all.

Problem is, the DDoS is from several thousand (yes, thousands) IP
addresses, or at least the addresses must be spoofed somewhere on a route
outside the server's own network. So far the server's firewall blacklist
has accumulated over 12000 IP entries.

If you speak Russian, the discussion is here:
http://moshkow.livejournal.com/25357.html

++++++++++++++++++++++++++++++++++++++++++++++++
Not far from here, by a white sun, behind a green star, lived the
Steelypips, illustrious, industrious, and they hadn't a care: no spats in
their vats, no rules, no schools, no gloom, no evil influence of the moon,
no trouble from matter or antimatter -- for they had a machine, a dream of
a machine, with springs and gears and perfect in every respect. And they
lived with it, and on it, and under it, and inside it, for it was all they
had -- first they saved up all their atoms, then they put them all
together, and if one didn't fit, why they chipped at it a bit, and
everything was just fine...
-- Stanislaw Lem, "Cyberiad"
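
The request-line policy listed in the quoted original message (GET only, optional rejection of HTTP 1.1, a URL length cap, an extension whitelist), written out as an added example that is not part of the thread. The length limit, the extension set and the sample request lines are constructed assumptions, and matching against local paths is not covered.

```python
import re
from collections import Counter

# Policy values below are assumptions for illustration, not taken from the thread.
MAX_URL_LEN = 512
ALLOWED_EXT = {"", ".html", ".htm", ".txt", ".css", ".png", ".jpg", ".gif"}
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d\.\d)$")

def check_request_line(line, allow_http11=True):
    """Return (True, "ok") or (False, reason) for one HTTP request line."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return False, "malformed"
    method, target, version = m.groups()
    if method != "GET":                      # PUT, OPTIONS, CONNECT, ...
        return False, "method"
    if version not in ("1.0", "1.1"):
        return False, "version"
    if version == "1.1" and not allow_http11:
        return False, "http1.1"
    if len(target) > MAX_URL_LEN:            # excessively long URL
        return False, "url-too-long"
    if not target.startswith("/"):           # absolute-URI (proxy-style) target
        return False, "not-origin-form"
    path = target.split("?", 1)[0].split("#", 1)[0]
    last = path.rsplit("/", 1)[-1]           # final path segment
    ext = "." + last.rsplit(".", 1)[1].lower() if "." in last else ""
    if ext not in ALLOWED_EXT:
        return False, "extension"
    return True, "ok"

SAMPLE = [  # constructed request lines, not captured traffic
    "GET /index.html HTTP/1.0",
    "GET /lib/book.txt?page=2 HTTP/1.1",
    "OPTIONS * HTTP/1.1",
    "CONNECT mail.example.org:25 HTTP/1.0",
    "PUT /upload.php HTTP/1.1",
    "GET /" + "A" * 600 + " HTTP/1.0",
    "GET /cgi-bin/search.cgi HTTP/1.0",
    "GET http://example.org/ HTTP/1.0",
]

def tally(lines, **policy):
    """Count verdict reasons over an iterable of request lines."""
    return Counter(check_request_line(l, **policy)[1] for l in lines)

if __name__ == "__main__":
    print(tally(SAMPLE))
```

Run over the request field of an access log, the tally shows which of the rules would actually reject the attack traffic before any of them is enforced in a proxy or filter.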