being DOSed

JJB Barbish3 at
Wed Apr 21 19:26:56 PDT 2004

Edit httpd.conf and change the port it listens on, or add firewall
rule to block inbound port 80. check http log to id attacking ip's,
look for recurring cycle in ip address and add firewall rule to
block. Be sure your http logs are configured to rotate and not fill
all disk space then just ride it out.

If you use dynamic ip address, turn off you cable or dsl modem for 3
min and when you power back up hopefully you will be issued an new
ip address. This will stop attach if attack is targeted directly at
you ip address and not using dsn to find you.

I use zoneedit to redirect my domain name to different port than 80
and that stopped all http dos attacked based on directly targeted ip
address. In most cases the attacker has port scanned all ip address
in some large range looking for port 80 and when found he records ip
address to launch spoofed sending ip address attack directly at your
ip address. is free for up to 5 domain names.

-----Original Message-----
From: owner-freebsd-questions at
[mailto:owner-freebsd-questions at]On Behalf Of meimi
Sent: Wednesday, April 21, 2004 8:22 PM
To: Tuc
Cc: freebsd-questions at
Subject: Re: being DOSed

I have found some IPs are opening 10 HTTP connection. Their IPs are
and all IPs are from different ISP network.
What should I do next?

----- Original Message -----
From: "Tuc" <tuc at>
To: "meimi" <meimi_1 at>
Sent: Thursday, April 22, 2004 7:29 AM
Subject: Re: being DOSed

> >
> > Hello,
> >   The bandwidth usage for my server is tripled for 3 hours. When
I run
> > "top", I find many httpd process in sbwait status. So, I think
> > DOSing my server.
> >   How can I check who is DOSing me? and how can I solve it?
> > Thanks
> > Meimi
> Quickly :
> netstat -an | sort | grep tcp4|more
> Look for an IP with alot of connections. (We have a script that
> actually will count this for us, but its not just for FreeBSD so
> long)
> Tuc/TTSG Internet Services, Inc.
freebsd-questions at mailing list
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list