Re: [PLUG] Simple protection against DOS attack

Sam Gleske on 19 Sep 2012 16:37:24 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Simple protection against DOS attack

From: Sam Gleske <sam.mxracer@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Simple protection against DOS attack
Date: Wed, 19 Sep 2012 19:37:17 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:from:in-reply-to:mime-version:date:message-id:subject:to :content-type:content-transfer-encoding; bh=HGbXS/HVDb/M2F9Jx2ANVZY2gAK8Eha/EPZ9lKeUCik=; b=OHK50huNXQ1AcMN3+oepnSxuFGjGW0QZNDz+BV3hDaGXHBoVOQb3AvL7/b8l670SIK EKMq7ToC8CDkcwn+N7lRFfDRn6HQ0DhY5s4CIz8SRKUtzdyZw4eGI41WjdACC4m4Urfj i0gQVDDJTMSDHqnXEJ/oa9rA7zaVnGcmMQE9Y5vcqKDJ2b7mgH6OQjwTy850otj6ioSv lUoErE5+tn976qv+qlo8K1WLH4vIDge11RLZ0rqeV4oOJxKVZ8MfAvZ6835rUaS734po xj6DXLqPxLdw8fGzCSt/xfuks8wM3ZNzzuyGZZluEg7SVzDQ6dp5Q3YvCKWB2xDTm/c8 Y8Og==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org

On Sep 19, 2012, at 10:27 AM, Tom Haines <hainest@gmail.com> wrote:

> Unfotunately this is not an internal problem to us, or that would be the response. This is a hosted situation with several Moodle instances for different schools, so one school's bad kid impacts the other sites responsiveness.
>
> The iptables solution seems promising. We are already using that for a firewall, so we're adding no new moving parts. Although we do have several schools who NAT, so their entire web traffic comes to us from a single IP. It would have to be tuned well. I'm collecting stats from the lighttpd logs to see if this is possible.

As far as NAT schools are concerned, having one school go down is
better than all schools go down.

Have you contacted the problematic university about the student
incident?  I don't see why they wouldn't work with you on the issue.
If they're not willing to play ball then you can limit just their
connection.  There's no need to make all of your customers suffer
because one is being stubborn.

SAM
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Simple protection against DOS attack
  - From: Rich Freeman <r-plug@thefreemanclan.net>

References:
- [PLUG] Simple protection against DOS attack
  - From: Tom Haines <hainest@gmail.com>
- Re: [PLUG] Simple protection against DOS attack
  - From: Matt Mossholder <matt@mossholder.com>
- Re: [PLUG] Simple protection against DOS attack
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Simple protection against DOS attack
  - From: Tom Haines <hainest@gmail.com>

Prev by Date: Re: [PLUG] Upcoming December talk
Next by Date: Re: [PLUG] Simple protection against DOS attack
Previous by thread: Re: [PLUG] Simple protection against DOS attack
Next by thread: Re: [PLUG] Simple protection against DOS attack
Index(es):
- Date
- Thread