OT: (D)DoS attack mitigation
Temlakos
temlakos at gmail.com
Sun May 25 02:51:19 UTC 2008
Patrick O'Callaghan wrote:
> On Sat, 2008-05-24 at 17:41 -0400, Temlakos wrote:
>
>> Anyone have a line on things that a root-accessed server admin can do to
>> stop a (D)DoS attack?
>>
>
> A DDOS attack on what? What services are you running that might be
> attacked? Are all unnecessary ports closed?
>
> poc
>
>
The attack, if that's what it is, is against Web service (Apache) at
port 80. It's a Wiki site, on a server running CentOS 5. The site seems
to be running again, but a few hours ago I was getting connection
resets, timeouts, and "can't find server" messages. And at one point, my
Web host said that the apache system account was making too many requests.

It's a remote server to which I have root access--at least, whenever I
can sign in.

The Web host is supposed to have mod-dosevasive and a Brute Force
Detection package installed. Assuming that those packages are in fact
working, what other measures should I take?

I need to have port 80 open for ordinary Web service, plus one other
port open for signing in as a domain-management client or as a server
administrator. I also use ssh on occasion, but I normally forbid that,
and open it only when necessary to get in, run a few quick scripts, and
then get out.

The "top" command reveals two routines by apache; the rest run by root.

I just installed wireshark, but now I can't get wireshark to start:
"command not found." What directory is that supposed to install in?

Temlakos