On Fri, 29 Aug 2008, Mike Zanker wrote:
> Recently I've been seeing hundreds of requests over a short space of
> time for the CentOS 2 isos, always from a single IP address, always
> Chinese IP addresses.
>
> Anybody else seeing these, or know what they are trying to do? It almost
> looks like some sort of DoS attack.
we (ftp.iitm.ac.in) also run a fedora mirror and this was a chronic
problem with that. we have not noticed this problem with the centos
mirror. actually, they are 'legitimate' requests in the sense that they
appear to be requests for partial downloads; however, with the rate at
which the requests come in, it effectively becomes a dos attack. we have
implemented per ip connection limit to stop this and it is very effective.
there are several ways to do this; one possible way is to use the
limitipconn module of apache and put the following lines in the httpd.conf
file.
<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 3
</Location>
</IfModule>
--
sriram