[linux-elitists] web server software for tarpitting?
Robert Edmonds
edmonds@debian.org
Mon Feb 11 10:38:59 PST 2008

On 2008-02-11, Gerald Oskoboiny <gerald@impressive.net> wrote:
> The other day we posted an article [1] about excessive traffic
> for DTD files on www.w3.org: up to 130 million requests/day, with
> some IP addresses re-requesting the same files thousands of times
> per day. (up to 300k times/day, rarely)
>
> The article goes into more details for those interested, but the
> solution I'm thinking will work best (suggested by Don Marti
> among others) is to tarpit the offenders.

I have no experience with application layer tarpitting, but for
extremely persistent IP addresses I'd suggest TCP zero window tarpitting
-- this can hang a TCP connection for 12-24 minutes or so with only a
few packets. Check out the iptables TARPIT and ipset modules; relevant
Debian packages are netfilter-extensions and ipset.
--
Robert Edmonds
edmonds@debian.org
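
One way to feed the ipset/TARPIT approach suggested above, as an added example that is not part of the original post: pick out clients that keep re-requesting the same file from an access log and emit `ipset restore` input for them. The set name, threshold, timeout and log lines are assumptions made for illustration, and the syntax is that of current ipset releases.

```shell
#!/bin/sh
# Added example. Set name, threshold, timeout and log lines are assumptions.
SET_NAME=tarpit_offenders

# Constructed access-log sample (common log format, documentation IP ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [11/Feb/2008:10:00:01 -0800] "GET /TR/xhtml1/DTD/xhtml1-strict.dtd HTTP/1.1" 200 25356
192.0.2.10 - - [11/Feb/2008:10:00:02 -0800] "GET /TR/xhtml1/DTD/xhtml1-strict.dtd HTTP/1.1" 200 25356
192.0.2.10 - - [11/Feb/2008:10:00:03 -0800] "GET /TR/xhtml1/DTD/xhtml1-strict.dtd HTTP/1.1" 200 25356
192.0.2.10 - - [11/Feb/2008:10:00:04 -0800] "GET /TR/xhtml1/DTD/xhtml1-strict.dtd HTTP/1.1" 200 25356
198.51.100.7 - - [11/Feb/2008:10:00:05 -0800] "GET /TR/xhtml1/DTD/xhtml1-strict.dtd HTTP/1.1" 200 25356
198.51.100.7 - - [11/Feb/2008:10:00:06 -0800] "GET /TR/xhtml1/DTD/xhtml-lat1.ent HTTP/1.1" 200 11775
198.51.100.7 - - [11/Feb/2008:10:00:07 -0800] "GET /TR/xhtml1/DTD/xhtml-symbol.ent HTTP/1.1" 200 14124
203.0.113.5 - - [11/Feb/2008:10:00:08 -0800] "GET /TR/html4/strict.dtd HTTP/1.0" 200 2000
203.0.113.5 - - [11/Feb/2008:10:00:09 -0800] "GET /TR/html4/strict.dtd HTTP/1.0" 200 2000
203.0.113.5 - - [11/Feb/2008:10:00:10 -0800] "GET /TR/html4/strict.dtd HTTP/1.0" 200 2000
EOF
}

# offenders THRESHOLD: read an access log on stdin and print, sorted, every
# IPv4 client that fetched any single path at least THRESHOLD times.
offenders() {
    awk -v limit="$1" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1 SUBSEP $7]++ }
        END {
            for (k in hits) if (hits[k] >= limit) { split(k, p, SUBSEP); bad[p[1]] = 1 }
            for (ip in bad) print ip
        }' | sort
}

# ipset_restore_input THRESHOLD: turn the offender list into "ipset restore"
# input. Entries expire after a day so a fixed client is not tarpitted forever.
ipset_restore_input() {
    echo "create $SET_NAME hash:ip timeout 86400"
    offenders "$1" | while read -r ip; do echo "add $SET_NAME $ip"; done
}

# To apply (root, with ipset and the xtables TARPIT target installed):
#   ipset_restore_input 1000 < access.log | ipset -exist restore
#   iptables -I INPUT -p tcp --dport 80 -m set --match-set tarpit_offenders src -j TARPIT

# Dry run on the constructed sample; prints the restore input only.
sample_log | ipset_restore_input 3
```

Counting per client and path, rather than per client alone, keeps a client that fetches many different files once each out of the set.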