Questions tagged [denial-of-service]

A denial-of-service attack is an attempt, through some means, to make a computer or network resource unavailable.

Some systems are susceptible to a simple "ping of death", where the amount of ping traffic is enough to disrupt their connectivity to the internet.

In more common scenarios, the amount of available upstream bandwidth becomes saturated by repeated requests for a file on the target computer, or by large UDP packets.
When the attack comes from more than one source IP, it is known as a distributed denial-of-service attack, or DDoS.

167 questions
3
votes
2 answers

Apache SSL Renegotiation (thc-ssl-dos)

Looking at thc-ssl-dos, it only affects SSL-enabled web sites with renegotiations enabled. I have been checking a few servers and have the following questions. First, renegotiations are disabled by default on my Apache installations, so in what…
jwbensley
3
votes
4 answers

Tomcat denial of service

The last two days our Tomcat 5.5 Linux-based webserver has been broken down within minutes by starting thousands of downloads and stopping them. Some request paths in the access log end with a "?jfkdsjkfsdk"-like part. Is there a known…
Mike L.
3
votes
2 answers

iptables rate-limit module problem

I am using iptables' rate-limit module to prevent DoS attack (I know it cannot stop a full scale DDoS but at least it can help with smaller attacks). In my rules I have something like: /sbin/iptables -A INPUT -p TCP -m state --state NEW -d…
3
votes
2 answers

In what way am I more likely to be DDoS'd? Via http or other ports?

I am writing a web service that has a lot of vicious competitors. Vicious as in: people have been getting DDoS'd within hours of setting up shop in this arena. The service will consist of: a website that you can sign up to and check on stats/etc...…
darkAsPitch
3
votes
3 answers

DDOS by several IPs with one connection

I have a site that was being hit with a DDOS the same time every day for the past month, and after spending a month researching and pinpointing the bug, we enacted a bash script which if the connection is reaching 80+ max connections in one minute…
Zach Smith
3
votes
2 answers

Is it possible to distinguish from “good” http requests and DoS attacks?

How could I know that a lot of requests in a short period of time come from a DoS attack and not from normal browser requests?
mdgart
3
votes
1 answer

SYN flooding still a threat to servers?

Well recently I've been reading about different Denial of Service methods. One method that kind of stuck out was SYN flooding. I'm a member of some not-so-nice forums, and someone was selling a python script that would DoS a server using SYN packets…
Rob
3
votes
1 answer

Prevent DDOS Attack on GCP App Engine

I've launched my application on GCP App Engine with 8 micro-services. I did an overload test with Apache JMeter and it seems to scale well. However this can also be used as a DOS attack on my application and App Engine does not seem to be blocking…
2
votes
2 answers

DoS attack? Vast majority of apache workers in 'Reading Request' mode, site down last night, slow now

So I think my server might be suffering a Denial of Service attack. We got notified by pingdom (website monitoring) that our website was unavailable starting around 3AM. Early today we started checking apache error logs and saw a whole bunch of this…
2
votes
0 answers

Will More vCPUs and RAM Help Protect Against Some Smaller Scale DDoS Attacks?

Obviously having more vCPUs (virtual CPUs) and more RAM by themselves won't be able to alone help stop and/or prevent a DDoS attack, but let's say after a DDoS attack is finished and/or slowing down would having more vCPUs and RAM dedicated to a…
rflxdev
2
votes
3 answers

Blocking IP addresses Load Balanced Cluster

We're using HAproxy as a front end load balancer / proxy and are looking for solutions to block random IP addresses from jamming the cluster. Is anyone familiar with a conf for HAProxy that can block requests if they exceed a certain threshold from…
user35647
2
votes
1 answer

When an ISP is DDoSed, will its NOC have Internet access?

When an ISP is hit by a huge DDoS attack and its data plane is severely congested, will its Network Operations Center (NOC) have alternative Internet access? I'm curious what would be the industry practice for the backup, alternative Internet…
min
2
votes
0 answers

How does AWS ELB deal with DoS?

I've seen some AWS documentation about how to mitigate DDoS attacks but this question is exclusively DoS. From the point of view of my EC2 instances, that are behind the ELB, the HTTP(S) requests are all being originated from the ELB, therefore the…
2
votes
1 answer

How do I contact Google to report network abuse?

My server is being hit with thousands of connection requests per second from 74.125.170.60. I looked the IP address up on ARIN, and it's in a Google address block. You searched for: 74.125.170.60 Network Net Range 74.125.0.0 -…
FKEinternet
2
votes
1 answer

Long lived TCP connection to DNS servers

Typically the TCP connections to DNS servers are expected to be short lived, i.e., the client connects, sends the query and disconnects on getting the response. If a client wants to keep a long lived TCP connection to a DNS server and use it whenever…
Manohar