Date: Wed, 9 Feb 2000 21:25:45 -0600
From: Dan Nelson <dnelson@emsphone.com>
To: Ed Gold <edgold@mindspring.com>
Cc: "hackers@FreeBSD.ORG" <hackers@FreeBSD.ORG>
Subject: Re: Regarding DOS violations
Message-ID: <20000209212545.B69166@dan.emsphone.com>
In-Reply-To: <38A209BE.738ED208@mindspring.com>; from "Ed Gold" on Wed Feb 9 19:43:42 GMT 2000
References: <38A209BE.738ED208@mindspring.com>
In the last episode (Feb 09), Ed Gold said:
> After reading the article,
> http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/02/09/MN23532.DTL
>
> I am wondering if FreeBSD should take any action to protect our
> users. I think it would speak incredibly highly of FreeBSD if Yahoo
> and other "customers" were to have some kind of protection from such
> an attack. My initial thoughts are:
>
> A web server should know its limitations and not attempt to handle
> more requests than it can manage. It should invoke a service cutoff

The problem is that for most flood-type DoS attacks, the target machine
doesn't see most of the traffic. The idea is to flood the T1/T3/whatever
lines, or send enough small packets that the routers are overwhelmed.

The smart limiting you describe is good for servers that have relatively
few connections that take a lot of CPU each. I'd say that most
database-backed servers have a similar problem, and do have per-IP query
limits or some other form of restrictions. The best (worst?) example of
this I can think of is the all-too-common IIS "HTTP/1.0 Server Too Busy"
message.

-- 
	Dan Nelson
	dnelson@emsphone.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000209212545.B69166>
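The reply above mentions two server-side controls: a per-IP request limit and a "server too busy" cutoff once the machine has taken on as much work as it can finish. The following Python model, added here as an illustration and not code from the FreeBSD thread or from any FreeBSD component, shows both controls together on a small constructed traffic sample (one source hammering every 100 ms, one ordinary client making three requests). The IP addresses, the rate and burst figures, the in-flight ceiling and the 1 s service time are all assumptions chosen for the example. It also shows the limitation Dan raises: these controls only shape requests that reach the server, so they protect its CPU and back end, not a saturated upstream link.

```python
"""Per-source rate limiting plus a global in-flight cutoff.

Added example, not code from the FreeBSD thread.  Times are integer
milliseconds and token-bucket levels are integer millitokens, so the
arithmetic is exact and the outcomes below are reproducible.
"""
from collections import defaultdict

TOKEN = 1000  # one request costs 1000 millitokens


class TokenBucket:
    """Refills at `rate` tokens/second, holds at most `burst` tokens."""

    def __init__(self, rate, burst):
        self.rate = rate                  # tokens/s == millitokens/ms
        self.capacity = burst * TOKEN
        self.level = self.capacity        # a new client starts with a full burst
        self.last_ms = None

    def allow(self, now_ms):
        if self.last_ms is not None:
            elapsed = now_ms - self.last_ms
            self.level = min(self.capacity, self.level + elapsed * self.rate)
        self.last_ms = now_ms
        if self.level >= TOKEN:
            self.level -= TOKEN
            return True
        return False


class AdmissionController:
    """Decides whether a request may start work on the expensive back end."""

    def __init__(self, per_ip_rate, per_ip_burst, max_in_flight, service_ms):
        self.buckets = defaultdict(lambda: TokenBucket(per_ip_rate, per_ip_burst))
        self.max_in_flight = max_in_flight
        self.service_ms = service_ms
        self.finish_times = []            # completion time of each admitted request

    def _reap(self, now_ms):
        # Requests whose service has completed release their slot.
        self.finish_times = [t for t in self.finish_times if t > now_ms]

    def admit(self, ip, now_ms):
        # Per-source limit first: an abusive client is told so regardless
        # of how busy the server is as a whole.
        if not self.buckets[ip].allow(now_ms):
            return 429
        self._reap(now_ms)
        # Server-wide cutoff: refuse early rather than queue work that
        # cannot finish (the "Server Too Busy" behaviour).
        if len(self.finish_times) >= self.max_in_flight:
            return 503
        self.finish_times.append(now_ms + self.service_ms)
        return 200


# Constructed traffic (assumed addresses): one source every 100 ms for a
# second, one ordinary client at 550 ms, 1050 ms and 2500 ms.
SAMPLE_REQUESTS = sorted(
    [(t, "10.0.0.1") for t in range(0, 1000, 100)]
    + [(550, "192.0.2.7"), (1050, "192.0.2.7"), (2500, "192.0.2.7")]
)


def simulate(requests, per_ip_rate=2, per_ip_burst=3, max_in_flight=4, service_ms=1000):
    """Return {ip: [status, ...]} in arrival order for each client."""
    ctl = AdmissionController(per_ip_rate, per_ip_burst, max_in_flight, service_ms)
    outcome = defaultdict(list)
    for t, ip in requests:
        outcome[ip].append(ctl.admit(ip, t))
    return dict(outcome)


if __name__ == "__main__":
    for ip, statuses in simulate(SAMPLE_REQUESTS).items():
        print(ip, statuses)
```

With these parameters the flooding source gets its burst of three through, then one more request per 500 ms, and is refused with 429 for the rest; the ordinary client is refused with 503 on its first request because the flooder's admitted requests already fill the in-flight slots, and succeeds once those complete. That first 503 is the point of the reply: per-IP limits and a busy cutoff keep the back end from being overloaded, but they cannot stop traffic that never reaches the server from hurting the link, and they do not by themselves guarantee fairness to legitimate clients.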