It was thus said that the Great Kanstantin Reznichak once stated:
> Hello,
>
> Thank you for reply. Unfortunately, mod-limitipconn seems to act too late.
> After installing and enabling it:
> <Location />
> MaxConnPerIP 15
> </Location>
>
> Netstat shows:
> # netstat -atn
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
> tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3930 SYN_RECV
> tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3316 SYN_RECV
> tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):4147 SYN_RECV
> tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3854 SYN_RECV
> tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1500 SYN_RECV
That's a SYN flood, and I've been on the receiving end of those, and I've
wrote about what I did to reduce the problem under Linux.
http://boston.conman.org/2005/08/11.2 (summary of the link below)
http://boston.conman.org/2004/01/04.2
Hopefully, some of that is helpful to you.
-spc
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
" from the digest: [email protected]
For additional commands, e-mail: [email protected]
