On Nov 21, 2007 1:09 PM, Sam Testuser <toximoron_x2@xxxxxxxxxxx> wrote: > This sounds like a serious issue and the links/hints I have seen > in this thread do not seem to acknowledge this fact. > > If it's a single IP address, then you can block it with the tool of > your choice. That's obvious. But in a DDoS setting, your apache server > is as dead as the parrot in Monthy Python. And what's worse: > No logfile documenting the silent death. Just an impressive amount > of connections in netstat. You can try to nail the attacking > clients with mod_forensic, but it won't help you much. DDoS is a read herring as far as I'm concerned. If you have an attacker with a significant DDoS network there is NOTHING you can do to stop them. They can simply send junk down the line to tie up your network connection. No tool can prevent that. > > > http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos > is a nice list of hints for general use, but regarding the attack > in question, it sounds like a collection of spare time activities > while you watch your server die. A well-configured server (without third-party modules) plus a well-configured firewall can withstand essentially all DoS attacks where the attacker has resources proportional to the server. > Under the line: If you are facing this sort of attack, then you are > in serious trouble and there is little apache can do for you. If the attacker has more resources than you do (a DDoS, for example), then yes, you are screwed. But that is true for essentially any network server. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx