Subject: Re: Distributed denial of service attacks.
To: Stephen M Jones <smj@cirr.com>
From: Stephen M Jones <smj@cirr.com>
List: tech-security
Date: 09/07/2001 13:26:53

So it continues .. I forgot to mention that I'm using Apache 1.3.20 and
I have tried using the Limit* directives in the past.  Those are more 
for bandwidth tuning and not really a defense against a DoS attack.  I've
logged 461 random/spoofed IP addresses that had large Send-Qs .. new ones
pop up every second so following them is a bit futile.  Writing ipf rules
isn't really the solution.  I've got Apache stopped once again which of
course ceases all flooding.  I'm looking into using tcpdump to listen to
the port and see if I can get any clues that way.  Any other clues or
suggestions would be greatly appreciated.
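
The symptom described in this message (many remote addresses holding connections to the web port with large Send-Q values) can be summarised from `netstat -an` output by grouping on the remote host. The following is an added example, not part of the original message; the BSD-style netstat layout, the 8192-byte threshold, the function names and the sample lines (documentation addresses) are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample in BSD `netstat -an` layout (documentation addresses only).
SAMPLE = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0  16384  192.0.2.10.80          198.51.100.23.3312     ESTABLISHED
tcp        0  17520  192.0.2.10.80          203.0.113.77.1045      ESTABLISHED
tcp        0      0  192.0.2.10.80          198.51.100.40.4020     ESTABLISHED
tcp        0  16384  192.0.2.10.80          203.0.113.9.2211       FIN_WAIT_1
tcp        0  33580  192.0.2.10.80          198.51.100.23.3313     ESTABLISHED
tcp        0  20000  192.0.2.10.22          198.51.100.5.50122     ESTABLISHED
tcp        0      0  *.80                   *.*                    LISTEN
"""

def split_addr(field):
    """Split BSD-style 'a.b.c.d.port' into (host, port); port stays a string."""
    host, _, port = field.rpartition(".")
    return host, port

def stuck_senders(netstat_text, port="80", min_sendq=8192):
    """Count connections and queued bytes per remote host for TCP sockets on
    local `port` whose Send-Q is at least `min_sendq` (assumed threshold)."""
    conns, queued = Counter(), Counter()
    for line in netstat_text.splitlines():
        parts = line.split()
        # Skip the header and anything that is not a 6-column tcp row.
        if len(parts) != 6 or not parts[0].startswith("tcp") or not parts[2].isdigit():
            continue
        sendq = int(parts[2])
        _, lport = split_addr(parts[3])
        rhost, _ = split_addr(parts[4])
        if lport != port or sendq < min_sendq:
            continue
        conns[rhost] += 1
        queued[rhost] += sendq
    return conns, queued

def summarize(netstat_text, **kw):
    """Totals plus the remote hosts holding the most stalled connections."""
    conns, queued = stuck_senders(netstat_text, **kw)
    return {
        "hosts": len(conns),
        "connections": sum(conns.values()),
        "bytes_queued": sum(queued.values()),
        "top": conns.most_common(3),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A host count close to the connection count means the stalled sockets are spread across many sources, which matches the observation that following individual addresses is futile.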