Results 1 to 3 of 3

Thread: Dos Question

  1. #1
    Join Date
    Jun 2005

    Dos Question

    Hey i have a bit of a question for Dos attacks

    well i recieved one about 3 days agoi and when i recieved one i took action and closed my site ....then i proceeded to get some Dos protection (im running php nuke) it died down to about 8 people at my site on the same page instead of 230 with the Dos protection but my question is as soon as my site setback up it would return instantly untill it gave up like a day later .....why is that....hope this isnt a really stupid question

  2. #2
    Join Date
    Mar 2003
    California USA
    what kind of dos protection did you "use"
    Steven Ciaburri | Proactive Linux Server Management -
    Managed Servers (AS62710), Server Management, and Security Auditing.

  3. #3
    The answer to your question is memory.
    Dos attacks open up thousands of bogus tcp connections. Due to the way the tcp/ip stack is implemented, each connection stores some amount of data in memory during the "handshake process" The bogus connections during a dos attack start that handshake, but never finish it, leaving the connection half open and that memory "used" in your server. It does this many many many times per second, eventually overloading your server and eating up all the memory. At which point, your apache server (and pretty much anything else trying to execute and use memory) fails.

    True dos attack prevention hardware is very very expensive (which is probably why the skeptical question about your protection). essentially that hardware is very specialized (usually) and very very fast. it acts as a middle man between your server and the dos attack. each bogus connection initiates a handshake with the dos attack "mitigator", and since it never finishes the handshake, the mitigator never passes on the bogus connection to the server. Legit connections DO finisht the handshake, at which point the mitigator passes the connection along to the server, and the conversation continues like nothing ever happened.

    I hope this sheds some light on your problem.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts