[CentOS-mirror] DOS attack downloading DVD isos
Prof. P. Sriram
sriram at ae.iitm.ac.in
Fri Nov 20 02:47:03 UTC 2009
On Thu, 19 Nov 2009, Bob Bownes wrote:
> Anyone else seeing high numbers of requests for the DVD isos from a few
> discrete locations? I'm getting multiple requests for dvd's from over 500
> separate locations.
>
> Top 10 offenders:
These are mostly folks trying to launch 10 (or 100 or even more) parallel
download sessions with ranged requests for the DVD images. Your opinion
may vary, but I think more than 10 parallel requests is an abuse of the
access that is given and can have an adverse impact on other downloaders
and the server even. I have implemented fail2ban, which is a nifty little
package that can scan log files for error messages and then put in an
iptables (or other firewall) rule that will block these IP addresses. Of
course, one has to also configure the web or ftp server to limit
connections per IP so that when that is exceeded, an error is logged.
Since implementing this, the number of connection attempts has come down
by an order of magnitude for me with no significant change in the traffic
(bytes) volume.
--
sriram
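
The log-scanning step described in the message above, as an added example that is not part of the original post and is not fail2ban's own code: it counts per-IP "limit exceeded" errors inside a time window and reports which addresses would be handed to the firewall. The nginx-style error-log format, the zone name `perip`, the host name, and the `maxretry`/`findtime` thresholds are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import timedelta, datetime

# Assumed log format: nginx-style error lines written when a per-IP
# connection limit is exceeded. The request text is client-controlled, so the
# pattern is anchored to the prefix the server writes, not searched anywhere.
LIMIT_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\] \d+#\d+: \*\d+ '
    r'limiting connections by zone "[^"]+", client: (?P<ip>[0-9A-Fa-f.:]+),')

def parse_line(line):
    """Return (timestamp, client_ip) for a limit-exceeded line, else None."""
    m = LIMIT_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"), m["ip"]

def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Map each IP to the time it reached maxretry errors within findtime."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        hit = parse_line(line)
        if hit is None or hit[1] in banned:
            continue
        ts, ip = hit
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:   # drop errors older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned

def sample_line(ts, ip, req="GET /isos/DVD.iso HTTP/1.1"):
    # Builds one constructed sample line (documentation-range addresses).
    return (f'2009/11/20 {ts} [error] 812#0: *1 limiting connections by zone '
            f'"perip", client: {ip}, server: mirror.example.org, request: "{req}"')

SAMPLE_LOG = [
    sample_line("02:40:01", "203.0.113.7"), sample_line("02:40:02", "203.0.113.7"),
    sample_line("02:40:05", "198.51.100.20"), sample_line("02:41:00", "198.51.100.20"),
    sample_line("02:41:30", "203.0.113.7"),    # third error in window: ban
    sample_line("02:56:00", "198.51.100.20"),  # earlier two have aged out
    '2009/11/20 02:57:00 [notice] 812#0: signal process started',
    sample_line("02:58:00", "192.0.2.50",      # client text imitating a log entry
                'GET /x limiting connections by zone "z", client: 192.0.2.99, HTTP/1.1'),
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{when:%H:%M:%S} ban {ip}")
```

Only the address that logged three errors within ten minutes is reported; the client whose errors are spread over a longer period stays under the threshold, and the address embedded in request text is never counted.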