From owner-freebsd-security  Mon Jul 29 11:30:17 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F09DA37B400
	for <security@FreeBSD.ORG>; Mon, 29 Jul 2002 11:30:13 -0700 (PDT)
Received: from lariat.org (lariat.org [63.229.157.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5B3D543E70
	for <security@FreeBSD.ORG>; Mon, 29 Jul 2002 11:30:13 -0700 (PDT)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id MAA24709;
	Mon, 29 Jul 2002 12:29:56 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20020729122752.00bbcbd0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Mon, 29 Jul 2002 12:29:52 -0600
To: Cyrus <cyrus@odsource.com>, security@FreeBSD.ORG
From: Brett Glass <brett@lariat.org>
Subject: Re: counter apache DoS attacks?
In-Reply-To: <20020729050402.Q47608-100000@odsource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

See my presentation from OSCon:

http://www.brettglass.com/apacheabuse/

--Brett

P.S. -- The material overlaps somewhat with my recent BSDCon 
presentation, but this talk specifically focused on Apache and 
how to avoid abuses ranging from address harvesting to worms.

At 03:04 AM 7/29/2002, Cyrus wrote:
  
>Several people get their jollies off by having differnet servers
>infinitely request my main page thousands of times each therefore shooting
>my memory to poo and a lot of bandwidth. But my problem is the memory, not
>the bandwidth. I've looked through mod_throttle and such, not for me. Is
>there anything out there that can automatically detect and take an action
>for this type of attack? I dunno...like use route on the offenders IP and
>such. But for it to do this automatically. Anyone have any suggestions?
>Thanks in advance.
>
>-Cyrus
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message