Subject: Help with DoS attack exhausting Apache server processes
To: None <,>
From: Sverre Froyen <>
List: netbsd-help
Date: 01/10/2005 10:50:07

Periodically, we experience what appears to be denial-of-service attacks 
on our Web site where a client (coming from a single IP address) will 
open a connection to the server every couple of seconds but never send 
http requests.  Each new connection places a server process in a 
"reading" state until it times out after (by default) 300 seconds.  It 
is equivalent to starting multiple telnets to port 80 without entering 
any data.   At first, I thought that I could solve this by using the 
Apache module mod_limitipconn (or something similar) to limit the 
number of connections per IP address that Apache allows.  It appears, 
however, that Apache does not provide a handler hook until it has 
received the client request (which never arrives).

I am therefore looking for some way to accomplish the same result 
(limiting the number of TCP connections per IP address) by using some 
type of NetBSD system tool and I am looking for recommendations about 
what tool to use.

Thank you,