• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Suggestions for handling DoS attack, well kind of
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suggestions for handling DoS attack, well kind of

  • Subject: Re: Suggestions for handling DoS attack, well kind of
  • From: "Jerry W. Walker" <email@hidden>
  • Date: Thu, 1 Feb 2007 08:17:27 -0500
Hi, Owen,

I think that Lachlan's suggestion would be a better solution to the problem that you actually faced than the one I'm about to suggest, but another similar problem comes from many people hitting your site just to see what's there. Once they've seen that it's not something they're interested in, they pop over to some other site, leaving you with a Session hanging around for another half hour or so.

The best defense against this is to make your web site's home page either a static HTML page with a link to your WOApp Main page or change your default request handler to WODirectActionRequestHandler and make it a DirectAction page with a link to the WOComponent that would have otherwise been your main page.

I've been doing this on most of my sites after reading the WOStatsPage on one of our heavily used sites back in the late 90's indicating that over 90% of the requests that we received were for the main page and less than 5% went deeper than a single click on that page.

A true DoS attack will probably hit your main page as well, but if it's a DDOS attack, although it's really a different issue that has to be handled upstream of your application server to get back on the air, at least it won't bring your app down.

Regards,
Jerry

On Jan 31, 2007, at 7:33 PM, Lachlan Deck wrote:

Hi Owen,

mod_throttle (Apache 1.3) or mod_cband (Apache 2.x) are worth a look. Otherwise for a more basic solution I suppose you could keep a timestamp per request in your application and use some custom logic to determine if the request seems worthy of reply.

On 01/02/2007, at 11:21 AM, Owen McKerrow wrote:

Sorry slow brain day, I do of course mean a DoS attack. Thanks Kevin :)

I realize that you can do things at the firewall router level, just wondering if there is any tricks people have used in there WO apps directly.

Owen McKerrow
WebMaster, emlab
Ph : +61 02 4221 5517
http://emlab.uow.edu.au

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
'The test of a first-rate intelligence is the ability to hold two opposed ideas in the mind at the same time and still be able to function.'
-F.Scott Fitzgerald,


On 01/02/2007, at 11:00 AM, Owen McKerrow wrote:

Hi All,

On Tuesday afternoon one of our apps received over 10,000 requests for the 1 page, by the same user in under 1 hour. The site kept running ( it got slower and slower ) with one out of memory exception for another user. There was only a very small chance it was a real DoS attack, what I assumed had happened ( I have heard stories of this happening from other people ) is that something fell onto his keyboard on the "F5" refresh key after he had walked out of his office.
What actually happened was that Firefox locked up his whole machine ( the power button didn't even work ) and in the end he just got up and walked away in frustration.

So what Im wondering is does anybody have any suggestions on what to do about DoS attacks be they accidental or on purpose.

Owen McKerrow
WebMaster, emlab
Ph : +61 02 4221 5517
http://emlab.uow.edu.au

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"As of tomorrow, employees will only be able to access the building using individual security cards. Pictures will be taken next Wednesday employees will receive their cards in two weeks."
- "Dilbert Quotes" Winner, Fred Dales, Microsoft Corp


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40uow.edu.au

This email sent to email@hidden

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40gmail.com

This email sent to email@hidden 

with regards,
--

Lachlan Deck



_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40gmail.com

This email sent to email@hidden


--
__ Jerry W. Walker,
WebObjects Developer/Instructor for High Performance Industrial Strength Internet Enabled Systems

    email@hidden
    203 278-4085        office



_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Suggestions for handling DoS attack, well kind of

      • From: Philippe Lafoucrière <email@hidden>
      • 



    

  • Prev by Date:
Re: EOQualifier.filterArrayWithQualifier weirdness

    • 

  • Next by Date:
Re: EOQualifier.filterArrayWithQualifier weirdness

    • 

  • Previous by thread:
Re: EOQualifier.filterArrayWithQualifier weirdness

    • 

  • Next by thread:
Re: Suggestions for handling DoS attack, well kind of

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •