[Wolves] Anti-DDos solutions - opinions/experiences please

David Goodwin david at codepoets.co.uk
Tue Nov 10 08:12:31 UTC 2009


Would be most interested in hearing of any solutions. We've always  
resorted to making coding changes to the app to do this sort of thing.

David Goodwin
Pale Purple Ltd.
http://www.palepurple.co.uk
0845 0046746
07792 380669

On 9 Nov 2009, at 12:56, Andy Jewell <Andy.Jewell at sysmicro.co.uk> wrote:

> Hi guys,
>
> Has anyone got any opinions or useful experiences with anti-ddos  
> software?
>
> In particular, I'm looking at the following:
>
> 1) fail2ban
> 2) apf + ddos deflate
>
> If anyone has any other suggestions, I'd be pleased to hear about  
> them too.
>
> After having read up a bit on those two, I'm beginning to lean  
> towards apf but I'd like to know if anyone knows of a better way or  
> any pitfalls of apf.
>
> The scenario.
> =========
>
> A customer has a busy apache web-server running perl-cgi on  
> centos5.2 with a mysql backend (running on separate servers). We  
> also have a cisco firewall at the front end too.
>
> Every now and then, users of the website do stupid things like using  
> firefox+greasemonkey or similar, to make 70-odd requests per second  
> in order to stack up a huge hit-count (a large percentage of the  
> clientele of the site are young boys).  The site can actually take  
> this, however, when this coincides with natural peaks in activity,  
> the site grinds to a halt (surprise, surprise).
>
> Last time this happened, it went on for quite some time, and every  
> time we had a peak, the site would choke. In the end, I just  
> manually firewalled the b... the... IP. However, this wasn't ideal;  
> when I looked into the logs, I discovered it had been going on for  
> 17+ hours...
>
> So we have decided we need to put something more automatic in place,  
> and preferably, cover the broader spectrum of attacks.
>
> Andy D'Arcy Jewell
> SysMicro Linux Support
>
> T:  +44 (0) 844 991 8804
> M: +44 (0) 7961 605631
> F:  +44 (0) 844 357 7020
> E:  andy.jewell at sysmicro.co.uk
> W: www.sysmicro.co.uk
> ________________________________________
> From: wolves-bounces at mailman.lug.org.uk [wolves- 
> bounces at mailman.lug.org.uk] On Behalf Of chris procter [chris- 
> procter at talk21.com]
> Sent: 04 November 2009 17:22
> To: Wolverhampton Linux User Group
> Subject: Re: [Wolves] LIST
>
>> Meeting At:
>
>> Moon Under Water
>> 53-55 Lichfield St
>> Wolverhampton
>> West Midlands
>> WV1 1EQ‎
>>
>> Eat Drink and Talk Linux :)
>>
>> GOES:
>> 1. Dave Morley
>> 2. Amo
>> 3. Chris Ellis
>> 4. Steph
>> 5. Andy D'Arcy Jewell
>> 6. Octavio (but leaving early!)
>> 7 Crofty
>>
>> LATES:
>> 1. Ron
>>
>> LOSERS:
>> 1. Rob Parker
>> 2. Chris (broke!) O'Rawe
>> 3. Ad
> 4. chrisp  - ill ;(  (I've lost my voice, some may think this is a  
> good thing...)
>
>
>
>
>
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: https://mailman.lug.org.uk/mailman/listinfo/wolves
>
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: https://mailman.lug.org.uk/mailman/listinfo/wolves



More information about the Wolves mailing list