[Bug 392759] Re: apache2 DoS attack using slowloris

Oliver oliver341 at gmail.com
Wed Nov 11 19:31:05 GMT 2009


The connlimit module in iptables is an excellent defence against Apache
Denial of Service attacks. However, since upgrading to Karmic, iptables
is no longer blocking simultaneous connections when requested for me.

I had previously been using:
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 10 -j REJECT

However, worryingly, it no longer works for me. I can establish 20
simultaneous connections with the above firewall rule in place. I
believe this should be fixed with some urgency, as my webserver has
already been taken offline once by an attack (I stopped the attack by
firewalling the attacker's IP address manually).

I've filed a bug report, please check your iptables connlimit and report back either way:
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/478290

-- 
apache2 DoS attack using slowloris
https://bugs.launchpad.net/bugs/392759
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
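A way to run the check Oliver asks for, as an added example that is not part of the original message or of the Ubuntu bug report: the script below holds N TCP connections open to a host and port at once, from a single source address (which is what connlimit counts by default, per /32), and reports how many were established versus refused. Against a host carrying the REJECT rule quoted above with --connlimit-above 10, connections past the tenth should fail; if all 20 succeed, the rule is not being enforced. The local server and the hypothetical helper names (start_local_server, count_established, connlimit_holds) are constructed here so the script runs offline without a firewall; on such an unfiltered host every connection succeeds, which is exactly the failure the message describes.

```python
import socket
import threading


def start_local_server(host="127.0.0.1"):
    """Constructed stand-in target: a listener on an ephemeral port that accepts
    every connection so the probe has something to connect to. Returns
    (server_socket, port, accepted_connections, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(64)
    srv.settimeout(0.2)  # lets the accept loop notice the stop flag
    accepted = []
    stop = threading.Event()

    def accept_loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                accepted.append(conn)  # hold it open, like an idle client
            except socket.timeout:
                continue
            except OSError:
                break

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1], accepted, stop


def count_established(host, port, n, timeout=2.0):
    """Open n connections and keep every one open until all attempts are made,
    so the kernel sees them as simultaneous from this source address.
    Returns (established, refused). REJECT shows up as ECONNREFUSED or a
    reset; a DROP rule would show up as a timeout instead."""
    held = []
    refused = 0
    for _ in range(n):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            held.append(s)
        except (ConnectionRefusedError, ConnectionResetError, socket.timeout, OSError):
            refused += 1
            s.close()
    for s in held:
        s.close()
    return len(held), refused


def connlimit_holds(host, port, limit=10, probe=20):
    """Probe with more connections than the rule allows and report whether the
    limit was enforced. Returns (established, holds)."""
    established, _ = count_established(host, port, probe)
    return established, established <= limit


if __name__ == "__main__":
    # Hypothetical local run: no iptables rule here, so all 20 get through.
    srv, port, accepted, stop = start_local_server()
    try:
        got, ok = connlimit_holds("127.0.0.1", port, limit=10, probe=20)
        print(f"established {got} of 20; connlimit enforced: {ok}")
    finally:
        stop.set()
        srv.close()
```

To test a real web server, replace the local listener with the target's address and port 80, run it from one client machine, and compare the established count with the value given to --connlimit-above; run the probe from the same address twice in a row to confirm that closing the held connections frees the slots again.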



More information about the Ubuntu-server-bugs mailing list