[CentOS] DoS Attack

John Hinton webmaster at ew3d.com
Wed Oct 12 22:03:40 UTC 2005

Chris Mauritz wrote:

> John Hinton wrote:
>> Yesterday, I had a DoS attack on a php/mysql webpage which uses a lot 
>> of resources. I have learned today, as a for instance, in the last 
>> hour, about 3000 requests for that page were made by 610 different 
>> servers, mostly from 'odd' places... China, Russia, Poland, Turkey... 
>> the usual suspects from my experience.
>> The bottom line is this... I hit server loads of 142 yesterday!!! And 
>> the server never crashed! Yeah, it might as well have been dead, but 
>> it wasn't. Yes, some things shut down temporarily... but the machine 
>> never went down. This is a remote server, about an hour away.. It 
>> took about 20 minutes for my mysqld stop command to execute, but with 
>> time it did respond! I'm extremely impressed by this and just wanted 
>> to pass this 'trivia' along. EL rocks!
> Back in the "good ol' days" we could just add a page full of /16's, 
> flushing all traffic from naughty places, to the iptables deny list 
> and call it a day.  Now, my company has customers in some of these 
> "troublesome" countries so we can't drop all their packets on the 
> floor.  8-(
> That's good news about your server staying up.  What does its hardware 
> config look like?
It's actually one of our very old boat anchors.. the replacement for 
which is sitting here waiting for me to move stuff. It's an old Compaq 
3000R with dual 500s, a gig of ram and 6 18.2gig wide ultra drives .. 
raid 5 with hot spare. Dual P/S, redundant fans... was state of the art 
in 1999! ;)

It actually does a fine job, with loads normally under 1.0 and is 
downright frisky as a webserver. But, as the need for more intensive 
email systems rises, the need for a replacement has grown... so, it will 
be retired pretty soon. But, when it handles so well a situation like 
this.. gee. And reliability.. well, it just now needs one of the fans 
replaced. What can I say? I got my money's worth! I'll likely find some 
use for it as a backup storage box or nameserver or something. It ain't 
dead yet. Then again it might not be worth the rackspace and electricity 
it uses for such a device. It could likely replace one of our nameserver 
boxes, running a 3000 single 550, which does only bind and collects 
postmaster and other general junk mail from all the other systems, which 
sometimes shows something I actually need to know about.

John Hinton
