[CentOS-mirror] Hundreds of requests for CentOS 2 isos from
Chinese IP addresses
Prof. P. Sriram
sriram at ae.iitm.ac.in
Fri Aug 29 15:07:58 UTC 2008
On Fri, 29 Aug 2008, Mike Zanker wrote:
> Recently I've been seeing hundreds of requests over a short space of
> time for the CentOS 2 isos, always from a single IP address, always
> Chinese IP addresses.
>
> Anybody else seeing these, or know what they are trying to do? It almost
> looks like some sort of DoS attack.
we (ftp.iitm.ac.in) also run a fedora mirror and this was a chronic
problem with that. we have not noticed this problem with the centos
mirror. actually, they are 'legitimate' requests in the sense that they
appear to be requests for partial downloads; however, with the rate at
which the requests come in, it effectively becomes a dos attack. we have
implemented per ip connection limit to stop this and it is very effective.
there are several ways to do this; one possible way is to use the
limitipconn module of apache and put the following lines in the httpd.conf
file.
<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 3
</Location>
</IfModule>
--
sriram
More information about the CentOS-mirror
mailing list