Tuesday, August 24, 2010

How to prevent an HTTP flood attack on your dedicated server?

If a hacker is trying to attack your server with an HTTP flood, there is only one way to protect your server from such an attack, and it is known as “tarpitting”. In an HTTP flood attack the hacker usually sends randomized HTTP requests to your server, making it unstable or even crashing it. HTTP flood attacks are very difficult to handle because there is almost no way to tell legitimate packets from the ones sent by the hacker. The main target of an HTTP flood DDoS attack is not just the server's TCP/IP stack but the web server running on it, which makes it a more serious attack: it is not easy to handle, and your server may crash and become inaccessible.

There is a solution for handling such an HTTP flood DDoS attack.

You can use an advanced technique called “tarpitting” to fight such an attack more efficiently. If you are on a Linux-based server, you can enable tarpitting with the following command:

iptables -A INPUT -s x.x.x.x -p tcp -j TARPIT

Tarpitting automatically sets the connection's window size to a few bytes once the connection is established. By TCP/IP protocol design, the connecting device will initially send only as much data as it takes to fill the window, and then wait until the server responds. If the connecting device does not receive our response, it will send the packets again and again over a longer period of time.

This is where “tarpitting” comes in: it does not respond to the packets that are sent again after getting no response the first time, thereby protecting your server from unwanted HTTP requests.
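
The rule above needs a source address in place of x.x.x.x. As an added example (not part of the original post), the script below counts requests per source in an access log and prints that rule for each source at or above a threshold. It assumes the client address is the first field of each log line; the sample log, the function names and the threshold are constructed for illustration.

```shell
#!/bin/sh
# Dry run: prints the TARPIT rules it would add, and changes nothing itself.

# Constructed sample access log (documentation address ranges, made-up requests).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [24/Aug/2010:10:00:01 +0000] "GET /?q=18312 HTTP/1.1" 200 512
203.0.113.7 - - [24/Aug/2010:10:00:01 +0000] "GET /?q=99204 HTTP/1.1" 200 512
198.51.100.23 - - [24/Aug/2010:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.7 - - [24/Aug/2010:10:00:02 +0000] "GET /?q=40077 HTTP/1.1" 200 512
192.0.2.10 - - [24/Aug/2010:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 1024
203.0.113.7 - - [24/Aug/2010:10:00:03 +0000] "GET /?q=77120 HTTP/1.1" 200 512
198.51.100.23 - - [24/Aug/2010:10:00:04 +0000] "GET /style.css HTTP/1.1" 200 300
EOF
}

# count_sources: log on stdin -> "count source" lines, busiest source first.
count_sources() {
    awk '{ n[$1]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# is_ipv4: succeed only for a dotted quad with octets 0-255, so that no other
# text from a log field can ever reach a firewall command line.
is_ipv4() {
    printf '%s\n' "$1" | awk -F'[.]' 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# tarpit_rules THRESHOLD: log on stdin -> the page's iptables rule for every
# source that made at least THRESHOLD requests. THRESHOLD is an assumed
# tuning value; pick it from your own normal traffic.
tarpit_rules() {
    count_sources | while read -r count src; do
        [ "$count" -ge "$1" ] || continue
        is_ipv4 "$src" || continue
        echo "iptables -A INPUT -s $src -p tcp -j TARPIT"
    done
}

sample_log | tarpit_rules 3
```

TARPIT is an iptables extension target (packaged in xtables-addons), so the printed rules only load on a system where it is installed. Review the list before applying it, since a busy proxy or NAT gateway can exceed the threshold with legitimate traffic.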

