On Sep 13, 2006, at 7:25 AM, Mattias Jiderhamn wrote:

> We are having some trouble with recurring DDoS/DoS attacks on one of
> our Resin servers. While being attacked, it seems most of the threads
> in the thread pool are connected but waiting for request input  
> inside JNI code:

Do you know if the DOS is sending a full request or just hanging  
after establishing connection?

> Could setting a lower read-timeout
> (http://www.caucho.com/resin-3.0/config/tuning.xtp#Timeouts) ease
> the effect?
> What would be sensible values?

Yes, the main issue would be also handling slow posts, e.g. if you
set it to 500ms, you'd probably time out posts.  A value of 5s or so
should be fine.

> Any other tips for counter measures?

If the DOS is actually sending a request, you can look at the  
ThrottleFilter (com.caucho.filters.ThrottleFilter).  That only  
applies once the GET/POST has been sent, though.

I've added a bug report, because it should be possible to add a new  
type of throttle filter earlier in the request processing, i.e. right  
after the connect but before attempting to read.  (We had a  
capability like that in 2.1, but didn't upgrade it in 3.0.)

-- Scott

>
> Thanks in advance.
>
>
> _______________________________________________
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
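
The two countermeasures discussed in this reply, a read timeout and a throttle applied right after the connect but before any read, sketched in Python as an added example (it is not Resin code and not from the thread). `ConnectGate`, `read_request_head`, `handle`, the per-client cap of 10 and the single overall deadline for the request head are assumptions; the 5 s timeout is the value suggested above.

```python
import socket
import threading
import time
from collections import Counter

READ_TIMEOUT = 5.0  # seconds; the value suggested in the reply above

class ConnectGate:
    """Per-client connection cap, checked after accept and before any read."""
    def __init__(self, max_per_ip=10):  # cap of 10 is an assumed value
        self.max_per_ip, self._open = max_per_ip, Counter()
        self._lock = threading.Lock()  # handlers run on pool threads
    def admit(self, ip):
        with self._lock:
            if self._open[ip] >= self.max_per_ip:
                return False
            self._open[ip] += 1
            return True
    def release(self, ip):
        with self._lock:
            self._open[ip] -= 1

def read_request_head(conn, timeout=READ_TIMEOUT, limit=8192):
    """Return the header bytes, or None if the peer stalls, closes or overruns."""
    deadline, buf = time.monotonic() + timeout, b""
    while b"\r\n\r\n" not in buf:
        remaining = deadline - time.monotonic()
        if remaining <= 0 or len(buf) > limit:
            return None
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(1024)
        except socket.timeout:
            return None  # connected but sent nothing in time
        if not chunk:
            return None
        buf += chunk
    return buf

def handle(conn, ip, gate, timeout=READ_TIMEOUT):
    with conn:  # always close, so the pool thread is freed
        if not gate.admit(ip):
            return "throttled"
        try:
            if read_request_head(conn, timeout) is None:
                return "timeout"
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
            return "served"
        finally:
            gate.release(ip)
```

The deadline here covers only the request head, so a slow POST body is not cut off by it.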

