[Wolves] Anti-DDos solutions - opinions/experiences please

Andy Jewell Andy.Jewell at sysmicro.co.uk
Mon Nov 9 12:56:29 UTC 2009 

Hi guys,

Has anyone got any opinions or useful experiences with anti-ddos software?

In particular, I'm looking at the following:

1) fail2ban
2) apf + ddos deflate

If anyone has any other suggestions, I'd be pleased to hear about them too.

After having read up a bit on those two, I'm beginning to lean towards apf but I'd like to know if anyone knows of a better way or any pitfalls of apf.

The scenario.
=========

A customer has a busy apache web-server running perl-cgi on centos5.2 with a mysql backend (running on separate servers). We also have a cisco firewall at the front end too.

Every now and then, users of the website do stupid things like using firefox+greasemonkey or similar, to make 70-odd requests per second in order to stack up a huge hit-count (a large percentage of the clientele of the site are young boys).  The site can actually take this, however, when this coincides with natural peaks in activity, the site grinds to a halt (surprise, surprise). 

Last time this happened, it went on for quite some time, and every time we had a peak, the site would choke. In the end, I just manually firewalled the b... the... IP. However, this wasn't ideal; when I looked into the logs, I discovered it had been going on for 17+ hours...

So we have decided we need to put something more automatic in place, and preferably, cover the broader spectrum of attacks. 

Andy D'Arcy Jewell
SysMicro Linux Support

T:  +44 (0) 844 991 8804
M: +44 (0) 7961 605631
F:  +44 (0) 844 357 7020
E:  andy.jewell at sysmicro.co.uk
W: www.sysmicro.co.uk
________________________________________
From: wolves-bounces at mailman.lug.org.uk [wolves-bounces at mailman.lug.org.uk] On Behalf Of chris procter [chris-procter at talk21.com]
Sent: 04 November 2009 17:22
To: Wolverhampton Linux User Group
Subject: Re: [Wolves] LIST

> Meeting At:

> Moon Under Water
> 53-55 Lichfield St
> Wolverhampton
> West Midlands
> WV1 1EQ‎
>
> Eat Drink and Talk Linux :)
>
> GOES:
> 1. Dave Morley
> 2. Amo
> 3. Chris Ellis
> 4. Steph
> 5. Andy D'Arcy Jewell
> 6. Octavio (but leaving early!)
> 7 Crofty
>
> LATES:
> 1. Ron
>
> LOSERS:
> 1. Rob Parker
> 2. Chris (broke!) O'Rawe
> 3. Ad
4. chrisp  - ill ;(  (I've lost my voice, some may think this is a good thing...)





_______________________________________________
Wolves LUG mailing list
Homepage: http://www.wolveslug.org.uk/
Mailing list: Wolves at mailman.lug.org.uk
Mailing list home: https://mailman.lug.org.uk/mailman/listinfo/wolves

More information about the Wolves mailing list