[CentOS] DoS Attack
webmaster at ew3d.com
Wed Oct 12 22:03:40 UTC 2005
Chris Mauritz wrote:
> John Hinton wrote:
>> Yesterday, I had a DoS attack on a php/mysql webpage which uses a lot
>> of resources. I have learned today, as a for instance, in the last
>> hour, about 3000 requests for that page were made by 610 different
>> servers, mostly from 'odd' places... China, Russia, Poland, Turkey...
>> the usual suspects from my experience.
>> The bottom line is this... I hit server loads of 142 yesterday!!! And
>> the server never crashed! Yeah, it might as well have been dead, but
>> it wasn't. Yes, some things shut down temporarily... but the machine
>> never went down. This is a remote server, about an hour away.. It
>> took about 20 minutes for my mysqld stop command to execute, but with
>> time it did respond! I'm extremely impressed by this and just wanted
>> to pass this 'trivia' along. EL rocks!
> Back in the "good 'ol days" we could just add a page full of /16's,
> flushing all traffic from naughty places, to the iptables deny list
> and call it a day. Now, my company has customers in some of these
> "troublesome" countries so we can't drop all their packets on the
> floor. 8-(
> That's good news about your server staying up. What does its hardware
> config look like?
It's actually one of our very old boat anchors.. the replacement for
which is sitting here waiting for me to move stuff. It's an old Compaq
3000R with dual 500s, a gig of ram and 6 18.2gig wide ultra drives ..
raid 5 with hot spare. Dual P/S, redundant fans... was state of the art
in 1999! ;)
It actually does a fine job, with loads normally under 1.0 and is
downright frisky as a webserver. But, as the need for more intensive
email systems rises, the need for a replacement has grown... so, it will
be retired pretty soon. But, when it handles so well a situation like
this.. gee. And reliability.. well, it just now needs one of the fans
replaced. What can I say? I got my monies worth! I'll likely find some
use for it as a backup storage box or nameserver or something. It ain't
dead yet. Then again it might not be worth the rackspace and electricity
it uses for such a device. It could likely replace one of our nameserver
boxes, running a 3000 single 550, which does only bind and collects
postmaster and other general junk mail from all the other systems, which
sometimes shows something I actually need to know about.
More information about the CentOS