It was thus said that the Great Kanstantin Reznichak once stated: > Hello, > > Thank you for reply. Unfortunately, mod-limitipconn seems to act too late. > After installing and enabling it: > <Location /> > MaxConnPerIP 15 > </Location> > > Netstat shows: > # netstat -atn > Active Internet connections (servers and established) > Proto Recv-Q Send-Q Local Address Foreign Address State > tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN > tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3930 SYN_RECV > tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3316 SYN_RECV > tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):4147 SYN_RECV > tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3854 SYN_RECV > tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1500 SYN_RECV That's a SYN flood, and I've been on the receiving end of those, and I've wrote about what I did to reduce the problem under Linux. http://boston.conman.org/2005/08/11.2 (summary of the link below) http://boston.conman.org/2004/01/04.2 Hopefully, some of that is helpful to you. -spc --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|