Date: Wed, 9 Feb 2000 20:11:08 -0500 (EST) From: "Eric D. Futch" <efutch@nyct.net> To: Ed Gold <edgold@mindspring.com> Cc: "hackers@FreeBSD.ORG" <hackers@FreeBSD.ORG> Subject: Re: Regarding DOS violations Message-ID: <Pine.BSF.4.05.10002092006140.15677-100000@bsd1.nyct.net> In-Reply-To: <38A209BE.738ED208@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I could imagine this causing problems with people that are behind a proxy server or NAT. Since whatever would be collecting the statistics could easily write off these systems as being offensive. I could safely assume that this would prevent access of sites to a few of our customers who have a large number of machines behind NAT. Which of course means they'd call up complaining because all of the sudden their favorite search engine no longer works. You could easily set you limits high enough to allow this kind of traffic, but you would definately miss a script kiddie or two who thinks he has enough bandwidth to get the job done. -- Eric Futch New York Connect.Net, Ltd. efutch@nyct.net Technical Support Staff http://www.nyct.net (212) 293-2620 "Bringing New York The Internet Access It Deserves" On Wed, 9 Feb 2000, Ed Gold wrote: >After reading the article, >http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/02/09/MN23532.DTL > >I am wondering if FreeBSD should take any action to protect our users. >I think it would speak incredibly highly of FreeBSD if Yahoo and other >"customers" were to have some kind of protection from such an attack. My >initial thoughts are: > >A web server should know its limitations and not attempt to handle more >requests than it can manage. It should invoke a service cutoff of any >and all users that cause excessive loading over a measured interval of >time. Essentially, the machine would have to track all requests, rank >them as to how much effort/resources they require, and then >"integrate" this data over a fixed time period. If the overall load is >higher than an acceptable threshold, the most offensive clients get >"ignored" for a fixed period of time. This will, no doubt, ignore a >small number of legitimate users; however, that's far better than not >serving anyone. > >Additionally, the server could log this activity which would make it >possible to contact the owners/operators of these most offensive >systems. With any luck, this could help them realize that their sites >are being hacked into and they could take corrective action to prevent >future attacks. If we let them know that FreeBSD identified their >problem, it might even be an excellent marketing move for us. Comments >Anyone? > >Regards, >Ed > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10002092006140.15677-100000>