[CentOS] DoS Attack

John Hinton webmaster at ew3d.com
Wed Oct 12 22:03:40 UTC 2005


Chris Mauritz wrote:

> John Hinton wrote:
>
>> Yesterday, I had a DoS attack on a php/mysql webpage which uses a lot 
>> of resources. I have learned today, as a for instance, in the last 
>> hour, about 3000 requests for that page were made by 610 different 
>> servers, mostly from 'odd' places... China, Russia, Poland, Turkey... 
>> the usual suspects from my experience.
>>
>> The bottom line is this... I hit server loads of 142 yesterday!!! And 
>> the server never crashed! Yeah, it might as well have been dead, but 
>> it wasn't. Yes, some things shut down temporarily... but the machine 
>> never went down. This is a remote server, about an hour away.. It 
>> took about 20 minutes for my mysqld stop command to execute, but with 
>> time it did respond! I'm extremely impressed by this and just wanted 
>> to pass this 'trivia' along. EL rocks!
>
> Back in the "good ol' days" we could just add a page full of /16's, 
> flushing all traffic from naughty places, to the iptables deny list 
> and call it a day.  Now, my company has customers in some of these 
> "troublesome" countries so we can't drop all their packets on the 
> floor.  8-(
>
> That's good news about your server staying up.  What does its hardware 
> config look like?
>
It's actually one of our very old boat anchors.. the replacement for 
which is sitting here waiting for me to move stuff. It's an old Compaq 
3000R with dual 500s, a gig of RAM and 6 18.2gig wide ultra drives .. 
RAID 5 with hot spare. Dual P/S, redundant fans... was state of the art 
in 1999! ;)

It actually does a fine job, with loads normally under 1.0 and is 
downright frisky as a webserver. But, as the need for more intensive 
email systems rises, the need for a replacement has grown... so, it will 
be retired pretty soon. But, when it handles so well a situation like 
this.. gee. And reliability.. well, it just now needs one of the fans 
replaced. What can I say? I got my money's worth! I'll likely find some 
use for it as a backup storage box or nameserver or something. It ain't 
dead yet. Then again it might not be worth the rackspace and electricity 
it uses for such a device. It could likely replace one of our nameserver 
boxes, running a 3000 single 550, which does only bind and collects 
postmaster and other general junk mail from all the other systems, which 
sometimes shows something I actually need to know about.

Best,
John Hinton


