DOS prevention

Billy Crook billycrook at gmail.com
Mon Mar 18 14:27:29 CDT 2013


Have you looked at fail2ban?  I use it to block IPs that create excessive
err log entries for x minutes.  I also watch for specific naughty requests
like phpmyadmin and block forever.

Sonicwall is exceptionally poor.
On Mar 18, 2013 2:20 PM, "J. Wade Michaelis" <jwade at userfriendlytech.net>
wrote:

> I have a CentOS web server that has recently been brought to a halt on two
> separate occasions.  Checking the access.log, it appears that it was a
> Denial of Service (DOS) attack (hundreds of HTTP requests in a very short
> time, all from a single IP address).
>
> I want to prevent these types of attacks from bringing the server to its
> knees.  We have a hardware firewall (SonicWall) in place, but it isn't
> quite new enough to run the firmware that allows rate-limiting.
>
> I have found a number of tutorials that show how to do this type of thing
> with IPTABLES.  Is there a better solution?
>
> Supposing I go with IPTABLES, do I need to include rules to allow FTP and
> SSH (the only other services on the server)?
>
> Would any of you be willing to assist me with this?
>
> Thanks,
> ~ j.
> jwade at userfriendlytech.net
>
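The two fail2ban behaviours described in the reply (a timed ban for an IP that produces too many log entries, and a permanent ban for phpmyadmin probes), sketched as an added example that is not from the original thread. The jail and filter names, the thresholds and the log path are assumptions, and it assumes fail2ban 0.9 or later, where the default ban action is applied to the ports listed in `port`.

```ini
# ---- /etc/fail2ban/filter.d/http-flood.conf  (hypothetical filter name) ----
[Definition]
# Matches every request line of a common/combined-format access log.
# The jail's findtime/maxretry decide how many matches from one IP are too many.
failregex = ^<HOST> -.*"(GET|POST|HEAD).*
ignoreregex =

# ---- /etc/fail2ban/filter.d/http-phpmyadmin.conf  (hypothetical filter name) ----
[Definition]
# Any request whose path mentions phpmyadmin. Use this only on a server that
# does not host phpMyAdmin, or list the admin addresses in ignoreip.
failregex = ^<HOST> -.*"(GET|POST|HEAD) \S*(?:phpmyadmin|phpMyAdmin)
ignoreregex =

# ---- /etc/fail2ban/jail.local ----
[DEFAULT]
# Never ban these sources; add your own management addresses here.
ignoreip = 127.0.0.1/8

[http-flood]
enabled  = true
filter   = http-flood
# Bans cover only these ports, so FTP and SSH are not touched by this jail.
port     = http,https
# Assumed CentOS default location; adjust to the vhost's access log.
logpath  = /var/log/httpd/access_log
# Constructed thresholds: 200 requests from one IP within 10 seconds
# leads to a 10 minute ban. Tune them against normal traffic first.
findtime = 10
maxretry = 200
bantime  = 600

[http-phpmyadmin]
enabled  = true
filter   = http-phpmyadmin
port     = http,https
logpath  = /var/log/httpd/access_log
# One matching request is enough; a negative bantime means no automatic unban.
findtime = 600
maxretry = 1
bantime  = -1
```

Before enabling a jail, run `fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/http-flood.conf` to see how many existing log lines the filter matches.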

