[CentOS-mirror] DOS attack downloading DVD isos

Fri Nov 20 02:47:03 UTC 2009
Prof. P. Sriram <sriram at ae.iitm.ac.in>

On Thu, 19 Nov 2009, Bob Bownes wrote:
> Anyone else seeing high numbers of requests for the DVD isos from a few
> discrete locations? I'm getting multiple requests for dvd's from over 500
> separate locations.
> 
> Top 10 offenders:

These are mostly folks trying to launch 10 (or 100 or even more) parallel 
download sessions with ranged requests for the DVD images. Your opinion 
may vary, but I think more than 10 parallel requests is an abuse of the 
access that is given and can have an adverse impact on other downloaders 
and the server even. I have implemented fail2ban which is a nifty little 
package that can scan log files for error messages and then put in an 
iptables (or other firewall) rule that will block these ip addresses. Of 
course, one has to also configure the web or ftp server to limit 
connections per ip so that when that is exceeded, an error is logged. 
Since implementing this, the number of connection attempts has come down 
by an order of magnitude for me with no significant change in the traffic 
(bytes) volume.

-- 
sriram