The connlimit module in iptables is an excellent defence against Apache Denial of Service attacks. However, since upgrading to Karmic, iptables is no longer blocking simultaneous connections when requested for me.
I had previously been using:

    iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 10 -j REJECT

However, worryingly, it no longer works for me. I can establish 20 simultaneous connections with the above firewall rule in place. I believe this should be fixed with some urgency, as my webserver has already been taken offline once by an attack (I stopped the attack by firewalling the attacker's IP address manually).

I've filed a bug report; please check your iptables connlimit and report back either way: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/478290

-- 
apache2 DoS attack using slowloris
https://bugs.launchpad.net/bugs/392759

You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
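One way to run the check the mail asks for, added here as an example and not part of the original message or of the bug report: hold open a number of TCP connections to the web server at the same time and count how many actually reach ESTABLISHED. With the rule above working, the count should stop at 10 (the 11th and later SYNs get a RST back because the target is REJECT, so connect() fails immediately; with DROP they would time out instead, which the timeout bounds). If all 20 connect, connlimit is not limiting. connlimit counts per source address by default (a /32 mask), so running the checker on the server itself against 127.0.0.1 still exercises the rule. The function names, the command-line interface and the throwaway local listener used for self-testing are assumptions of this example.

```python
#!/usr/bin/env python3
"""Count how many simultaneous TCP connections a host accepts from this source.

Usage:  python3 connlimit_check.py HOST PORT [ATTEMPTS]

Intended check (rule from the mail, run on the server under test):
    iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 10 -j REJECT
Expected result with a working rule and ATTEMPTS=20: 10 connections established.
"""
import socket
import sys
import threading


def count_simultaneous_connections(host, port, attempts, timeout=3.0):
    """Open `attempts` TCP connections to host:port, keep every successful one
    open until the end, and return how many actually connected.

    Keeping the sockets open is the whole point: connlimit counts connections
    that are currently established from the same source, so closing each one
    before opening the next would never trip the limit.
    """
    held = []
    try:
        for _ in range(attempts):
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:
                # REJECT -> ECONNREFUSED (RST); DROP -> timeout. Either way the
                # connection did not establish, so it is not counted.
                s.close()
                continue
            held.append(s)
        return len(held)
    finally:
        for s in held:
            s.close()


def start_local_listener(backlog=64):
    """Test scaffolding (assumption of this example): a throwaway TCP listener on
    127.0.0.1 that accepts and holds every connection, so the checker can be
    exercised with no firewall rule in place. Returns (port, shutdown_callable)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(backlog)
    srv.settimeout(0.2)
    accepted = []
    stop = threading.Event()

    def accept_loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                accepted.append(conn)
            except socket.timeout:
                continue
            except OSError:
                break

    worker = threading.Thread(target=accept_loop, daemon=True)
    worker.start()

    def shutdown():
        stop.set()
        worker.join()
        srv.close()
        for conn in accepted:
            conn.close()

    return srv.getsockname()[1], shutdown


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit(__doc__)
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    tries = int(sys.argv[3]) if len(sys.argv) > 3 else 20
    got = count_simultaneous_connections(target_host, target_port, tries)
    print(f"{got} of {tries} simultaneous connections established to "
          f"{target_host}:{target_port}")
```

Run it from the host whose connections the rule should limit (or from the server itself against its own address, which connlimit also counts per source). A result of 10 out of 20 means the rule is working; 20 out of 20 reproduces the behaviour reported in the mail. Note that the check does not distinguish a missing rule from a rule placed after an earlier ACCEPT in the INPUT chain, so list the chain with `iptables -L INPUT -n -v --line-numbers` as well.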
