Right now what I am doing is running this command
netstat -an | grep :80 | awk '{print $5}' | cut -f1 -d":" | sort | uniq -c | sort -n
And then I ban any IP that has above 20 connections. Is there a freeware script or firewall somewhere that I can install on my server which will do that automatically and then send me a log file with what IPs it has banned?
Keep in mind that this is a small-scale DOS attack using open proxies and not a large DDOS attack.
What I really need is a list of open proxies to ban!
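The counting step from the post above as a reusable script, added here as an example and not posted by anyone in the thread. It goes slightly beyond the one-liner by matching the local port exactly, so :8080 and outbound connections to a remote :80 are not counted; the function names, the log format and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report remote IPv4 addresses holding more than a given
# number of connections to local port 80, from `netstat -an` style input.

# over_threshold LIMIT: reads netstat output on stdin, prints "count ip"
# for every remote address with more than LIMIT connections, highest first.
over_threshold() {
    awk -v limit="$1" '
        # Column 4 is the local address, column 5 the remote one.
        $1 ~ /^tcp/ && $4 ~ /:80$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)          # strip the remote port
            # IPv4 only; LISTEN rows ("0.0.0.0:*") and IPv6 rows fall out here
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# log_offenders LOGFILE: appends one timestamped line per "count ip" pair
# read from stdin, so there is a record of what was flagged and when.
log_offenders() {
    while read -r n ip; do
        printf '%s over-limit ip=%s connections=%s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$ip" "$n" >> "$1"
    done
}

# Constructed sample input (not captured from a real server).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:51514      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51515      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51516      TIME_WAIT
tcp        0      0 203.0.113.10:80         192.0.2.44:40022        ESTABLISHED
tcp        0      0 203.0.113.10:8080       198.51.100.7:51600      ESTABLISHED
tcp        0      0 203.0.113.10:44321      192.0.2.44:80           ESTABLISHED
EOF
}

# Live use, e.g. from cron: sh script.sh --live /var/log/conn-limit.log
if [ "${1:-}" = "--live" ]; then
    netstat -an | over_threshold 20 | log_offenders "${2:-conn-limit.log}"
fi
```

The script only reports and logs; what to do with a flagged address (a firewall rule, a report to the ISP) is left to the operator.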
And then I ban any IP that has above 20 connections.
If you're serious about dealing with DDoS attacks, you need to be able to deal with them upstream - at your ISP's routers.
Blocking IP addresses on your server probably won't help much, unless you're doing a lot of server-side processing and it's badly written.
Have you run a trace on your server to see exactly what's happening? Are you serving database-driven webpages? Sure your database is optimised correctly? Sure all those dynamic pages need to be dynamic?