Re: [PLUG] Simple protection against DOS attack

Tom Haines on 19 Sep 2012 07:27:55 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Simple protection against DOS attack

From: Tom Haines <hainest@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Simple protection against DOS attack
Date: Wed, 19 Sep 2012 10:27:48 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=IYMoKqg4fWWFM6SA5CjKbVKhOnaRYJ7awd+ADMqeGP0=; b=Cb5QhwazJS6a+ATsjVrjcySuWwevgPTfLdEb+htG6BcnPzHuObgDKQoqkk7t6iTSr5 irrkahSpwYr4RTAq+M2IWZOuS3RBJDZhF4v5jp453/fi2jufpGFZOCCI5mWmRHyhXfj8 2Wcntum3VTZcINfR8jzJjt1Lrr1R2nSVoELsx0XAp0AaaWmqX49PodGg8DWjsinSP70f 5xFtRNsbVjHEG/ZggyCOxqYmGwD5gnLbQ+wgWI3OPU9/87KjBIm48zwR78/SxRn52/I5 yprlqfzfurul1/jmI/rVdHgIc6h4oFOWJ29S0xZtObrABXIrhbKSdmcAZrA5gfp7BIEo RSbw==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org

Unfotunately this is not an internal problem to us, or that would be the response. This is a hosted situation with several Moodle instances for different schools, so one school's bad kid impacts the other sites responsiveness.

The iptables solution seems promising. We are already using that for a firewall, so we're adding no new moving parts. Although we do have several schools who NAT, so their entire web traffic comes to us from a single IP. It would have to be tuned well. I'm collecting stats from the lighttpd logs to see if this is possible.

On Wed, Sep 19, 2012 at 10:18 AM, Rich Freeman <r-plug@thefreemanclan.net> wrote:

On Wed, Sep 19, 2012 at 8:47 AM, Matt Mossholder <matt@mossholder.com> wrote:
> You could try mod_evasive, instead of mod_security...

There is also mod_expulsion_with_no_refund_and_nasty_note_on_transcript.
Sometimes the best solution isn't always a technical one. Certainly
at work that would be our solution to an internal DOS attack.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Simple protection against DOS attack
  - From: Russ Thompson <vigornj@gmail.com>
- Re: [PLUG] Simple protection against DOS attack
  - From: Sam Gleske <sam.mxracer@gmail.com>

References:
- [PLUG] Simple protection against DOS attack
  - From: Tom Haines <hainest@gmail.com>
- Re: [PLUG] Simple protection against DOS attack
  - From: Matt Mossholder <matt@mossholder.com>
- Re: [PLUG] Simple protection against DOS attack
  - From: Rich Freeman <r-plug@thefreemanclan.net>

Prev by Date: Re: [PLUG] Simple protection against DOS attack
Next by Date: Re: [PLUG] Simple protection against DOS attack
Previous by thread: Re: [PLUG] Simple protection against DOS attack
Next by thread: Re: [PLUG] Simple protection against DOS attack
Index(es):
- Date
- Thread