Re: [mod-security-users] political web site attacked
Brought to you by:
victorhora,
zimmerletw
From: Oliver S. <Bor...@gm...> - 2005-03-22 09:05:55
|
This highly depends on the attack vector used (and to be used). mod_security helps you to overcome flaws in scripts and much more, but it could not helo (IMO) if a DDoS (Distributed Denial of Service) attack is performed against your machine. In this case there's only a chance if you can distinguish the DDoS packets from normal packets - which is usually not possible. Also several server settings (both of the server software and the OS's TCP/IP stack) can be tweaked to overcome ongoing attacks. E.g. the server usually sends a reply to every valid incoming connection request and already reserves system resources for the connection which would be made upon reply of the client. But when the client does not reply, these system resources will often be freed only after certain minutes. Now assume lots of these "connection attempts" and you understand the attack vector - the system simply exhausts its own resources. Tweaking this setting can help to counteract. Oliver -- --------------------------------------------------- May the source be with you, stranger ;) ICQ: #281645 URL: http://assarbad.net |