Subject: Re: Help with DoS attack exhausting Apache server processes
To: Sverre Froyen <sverre@viewmark.com>
From: Zafer Aydogan <zafer@gmx.org>
List: netbsd-help
Date: 01/11/2005 01:17:34
> Hi,
> 
> Periodically, we experience what appears to be denial-of-service attacks 
> on our Web site where a client (coming from a single IP address) will 
> open a connection to the server every couple of seconds but never send 
> http requests.  Each new connection places a server process in a 
> "reading" state until it times out after (by default) 300 seconds.  It 
> is equivalent to starting multiple telnets to port 80 without entering 
> any data.   At first, I thought that I could solve this by using the 
> Apache module mod_limitipconn (or something similar) to limit the 
> number of connections per IP address that Apache allows.  It appears, 
> however, that Apache does not provide a handler hook until it has 
> received the client request (which never arrives).
> 
> I am therefore looking for some way to accomplish the same result 
> (limiting the number of TCP connections per IP address) by using some 
> type of NetBSD system tool and I am looking for recommendations about 
> what tool to use.
> 
> Thank you,
> 
> Sverre
> 


Hej Sverre,

Set TIMEOUT to a low value, like 5 seconds.
This will help close open dead connections.
And set KeepAliveTimeout to 15.

With these values you can still work (with a high load) if you are DoS'ed.

You can check your server from another computer (in your LAN) with this
script, to see if it can handle it:
(works only with the bash shell)
----
$ while true
> do
>   telnet www.yourserver.com 80 &   # each iteration leaves one idle connection open
> done
----
This will loop a telnet to port 80 onto your machine. Watch your load (top)
and the processes spawned by Apache.
You can stop it with Ctrl-C (a couple of times) and exit the shell.
That will terminate the open connections.

I noticed that Linux machines aren't impressed at all by such kinds of
scripts, because, I think, they are managing it with some kind of packet
filter software.

Greets, Zafer.
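Sverre's question asks for a NetBSD-side way to see, and then limit, how many TCP connections one remote address holds open to port 80. As an added example, not part of either message, the POSIX sh function below counts ESTABLISHED connections per remote IP to a given local port from BSD-style `netstat -an` output, where the address columns use the `addr.port` form that NetBSD prints. The sample output is constructed for the example; the function name `count_by_peer` and the threshold value are assumptions. On a real host you would replace the sample with `netstat -an -f inet` and feed the addresses it reports into whatever packet filter rule or log you use.

```shell
#!/bin/sh
# Constructed sample of BSD-style `netstat -an -f inet` output (not real data).
# Local and foreign addresses are printed as addr.port, so the port is the
# text after the last dot.
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  192.0.2.10.80          198.51.100.7.40001     ESTABLISHED
tcp        0      0  192.0.2.10.80          198.51.100.7.40002     ESTABLISHED
tcp        0      0  192.0.2.10.80          198.51.100.7.40003     ESTABLISHED
tcp        0      0  192.0.2.10.80          203.0.113.9.51000      ESTABLISHED
tcp        0      0  192.0.2.10.22          203.0.113.9.51001      ESTABLISHED
tcp        0      0  *.80                   *.*                    LISTEN'

# count_by_peer PORT THRESHOLD
# Reads netstat lines on stdin and prints "ip count" for every remote IP that
# holds more than THRESHOLD established connections to local port PORT.
# Idle connections that never send an HTTP request still show as ESTABLISHED,
# which is exactly the state the original question is about.
count_by_peer() {
    port="$1"
    threshold="$2"
    awk -v port="$port" -v thr="$threshold" '
        $1 == "tcp" && $6 == "ESTABLISHED" {
            # local port: text after the last dot of the local address
            n = split($4, l, ".")
            lport = l[n]
            if (lport != port) next
            # remote IP: foreign address with its trailing .port removed
            ip = $5
            sub(/\.[^.]*$/, "", ip)
            c[ip]++
        }
        END {
            for (ip in c)
                if (c[ip] > thr) print ip, c[ip]
        }
    '
}

# Usage on the constructed sample: report peers with more than 2 connections to port 80.
# printf '%s\n' "$SAMPLE" | count_by_peer 80 2
```

With a threshold of 2 the sample yields only `198.51.100.7 3`; the address with a single connection to port 80 and the one on port 22 are not reported. Run from cron or a monitoring loop, the output gives the per-IP view that Apache itself cannot provide before the request arrives.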