[CentOS] DoS Attack
John Hinton
webmaster at ew3d.com
Wed Oct 12 22:03:40 UTC 2005
Chris Mauritz wrote:
> John Hinton wrote:
>
>> Yesterday, I had a DoS attack on a php/mysql webpage which uses a lot
>> of resources. I have learned today, as a for instance, in the last
>> hour, about 3000 requests for that page were made by 610 different
>> servers, mostly from 'odd' places... China, Russia, Poland, Turkey...
>> the usual suspects from my experience.
>>
>> The bottom line is this... I hit server loads of 142 yesterday!!! And
>> the server never crashed! Yeah, it might as well have been dead, but
>> it wasn't. Yes, some things shut down temporarily... but the machine
>> never went down. This is a remote server, about an hour away.. It
>> took about 20 minutes for my mysqld stop command to execute, but with
>> time it did respond! I'm extremely impressed by this and just wanted
>> to pass this 'trivia' along. EL rocks!
>
>
>
> Back in the "good ol' days" we could just add a page full of /16's,
> flushing all traffic from naughty places, to the iptables deny list
> and call it a day. Now, my company has customers in some of these
> "troublesome" countries so we can't drop all their packets on the
> floor. 8-(
>
> That's good news about your server staying up. What does its hardware
> config look like?
>
It's actually one of our very old boat anchors.. the replacement for
which is sitting here waiting for me to move stuff. It's an old Compaq
3000R with dual 500s, a gig of ram and 6 18.2gig wide ultra drives ..
raid 5 with hot spare. Dual P/S, redundant fans... was state of the art
in 1999! ;)
It actually does a fine job, with loads normally under 1.0 and is
downright frisky as a webserver. But, as the need for more intensive
email systems rises, the need for a replacement has grown... so, it will
be retired pretty soon. But, when it handles so well a situation like
this.. gee. And reliability.. well, it just now needs one of the fans
replaced. What can I say? I got my money's worth! I'll likely find some
use for it as a backup storage box or nameserver or something. It ain't
dead yet. Then again it might not be worth the rackspace and electricity
it uses for such a device. It could likely replace one of our nameserver
boxes, running a 3000 single 550, which does only bind and collects
postmaster and other general junk mail from all the other systems, which
sometimes shows something I actually need to know about.
Best,
John Hinton