Date: Wed, 9 Feb 2000 21:25:45 -0600
From: Dan Nelson
To: Ed Gold
Cc: "hackers@FreeBSD.ORG"
Subject: Re: Regarding DOS violations
Message-ID: <20000209212545.B69166@dan.emsphone.com>
References: <38A209BE.738ED208@mindspring.com>
In-Reply-To: <38A209BE.738ED208@mindspring.com>; from "Ed Gold" on Wed Feb 9 19:43:42 GMT 2000

In the last episode (Feb 09), Ed Gold said:
> After reading the article,
> http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/02/09/MN23532.DTL
>
> I am wondering if FreeBSD should take any action to protect our
> users. I think it would speak incredibly highly of FreeBSD if Yahoo
> and other "customers" were to have some kind of protection from such
> an attack. My initial thoughts are:
>
> A web server should know its limitations and not attempt to handle
> more requests than it can manage. It should invoke a service cutoff

The problem is that for most flood-type DoS attacks, the target machine
doesn't see most of the traffic. The idea is to flood the
T1/T3/whatever lines, or send enough small packets that the routers are
overwhelmed.

The smart limiting you describe is good for servers that have
relatively few connections that take a lot of CPU each. I'd say that
most database-backended servers have a similar problem, and do have
per-IP query limits or some other form of restrictions. The best
(worst?) example of this I can think of is the all-too-common IIS
"HTTP/1.0 Server Too Busy" message.

-- 
Dan Nelson
dnelson@emsphone.com
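
An added illustration, not part of the message above and not FreeBSD or IIS code: a sketch of the per-IP query limit combined with a "server too busy" cutoff, the kind of limiting the reply describes for servers with few, CPU-heavy requests. `AdmissionControl`, its parameters and the sample events are hypothetical; it acts only on requests that reach the server, so it does nothing for a saturated link or router.

```python
# Added example: per-IP token bucket plus a global in-flight cap.
# All names and numbers here are hypothetical, chosen for illustration.
from dataclasses import dataclass, field

@dataclass
class AdmissionControl:
    max_in_flight: int   # global cap on concurrently running queries
    rate: float          # tokens refilled per second, per client IP
    burst: float         # bucket capacity, per client IP
    in_flight: int = 0
    buckets: dict = field(default_factory=dict)  # ip -> [tokens, last_seen]
    # A production limiter must also bound and evict this table, or the
    # table itself becomes a memory-exhaustion target.

    def admit(self, ip: str, now: float) -> str:
        """Return 'admit', 'ip_limited' or 'too_busy' for one request."""
        bucket = self.buckets.setdefault(ip, [self.burst, now])
        # Refill in proportion to elapsed time, never above the burst size.
        bucket[0] = min(self.burst, bucket[0] + (now - bucket[1]) * self.rate)
        bucket[1] = now
        if bucket[0] < 1.0:
            return "ip_limited"      # this client used up its own quota
        if self.in_flight >= self.max_in_flight:
            return "too_busy"        # shed load; the client keeps its token
        bucket[0] -= 1.0
        self.in_flight += 1
        return "admit"

    def done(self) -> None:
        """Call when an admitted query finishes."""
        self.in_flight = max(0, self.in_flight - 1)

def replay(events, ac):
    """Feed (time, ip, kind) events to ac; return the decision per request."""
    decisions = []
    for t, ip, kind in events:
        if kind == "req":
            decisions.append(ac.admit(ip, t))
        else:
            ac.done()
    return decisions

# Constructed sample: 192.0.2.1 sends a burst, 192.0.2.2 is a normal client.
SAMPLE = [
    (0.0, "192.0.2.1", "req"), (0.1, "192.0.2.1", "req"),
    (0.2, "192.0.2.1", "req"), (0.3, "192.0.2.2", "req"),
    (0.4, None, "done"),       (0.5, "192.0.2.2", "req"),
    (1.4, None, "done"),       (1.5, "192.0.2.1", "req"),
]

if __name__ == "__main__":
    print(replay(SAMPLE, AdmissionControl(max_in_flight=2, rate=1.0, burst=2.0)))
```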