I am looking for best practices for detecting and preventing DOS in the service implementation (not external network monitoring). The service handles queries for user, group and attribute information. What is your favorite source of information on dealing with DOS? ...
What is the best way to survey and detect bad users behavior or attacks like deny of services or exploits on my web app ? I know server's statistics (like Awstats) are very useful for that kind of purpose, specially to see 3XX, 4XX and 5XX errors (here's an Awstats example page) which are often bots or bad intentioned users that try wel...
I'm looking for a good and inexpensive way to prevent denial of service attacks on my ASP.NET MVC site. I've been thinking about a solution that intercepts the HttpHandler and then counts requests in the Cache object, with the key being something like "RequestCount_[IpAddressOfRequestClient]" but that seems like it would generate a cra...
This might be something more suited for Serverfault, but many webdevelopers who come only here will probably benefit from possible answers to this question. The question is: How do you effectively protect yourself against Denial Of Service attacks against your webserver? I asked myself this after reading this article: http://isc.sans.o...
I'm working my way through UNIX Network Programming Volume 1 by Richard Stevens and attempting to write a TCP Echo Client that uses the Telnet protocol. I'm still in the early stages and attempting to write the read and write functions. I'd like to write it to use I/O Multiplexing and the Select function, because it needs to be multi...
I am writing some application logic which can recognize malformed or malicious http post data requests made to an IIS 5 aspx page. What is the most efficient way to terminate a bad request? At the point where a bad request is identified there will be no buffered output and the C# function exit stack is shallow. My hunch at the moment i...
I'm trying to log download statistics for .pdfs and .zips (5-25MB) in a rails app that I'm currently developing and I just hit a brick wall; I found out our shared hosting provider doesn't support mod_xsendfile. The sources I've read state that without this, multiple downloads could potentially cause a DoS issue—something I'm definitely ...
Hi Is there a way to prevent users from locking up a linux machine with code something along the lines of: #import <stdio.h> int main (int argc, char** argv) { while (1) fork(); } The computers in question are in a computer lab, so I can't exactly disallow compiling... but is there some way of ensuring such processes only...
So, I'm looking into Permanent DOS attacks for a class, and I'm having a hard time coming up with concrete examples. There's a lot of information about Phlashing (flashing firmware to either brick the device, or put malicious firmware in its place, for those of you who don't know the term) but I'd like to have a broader set of examples. ...
I'm looking for a servlet filter library that helps me secure our web service against unauthorized usage and DDoS. We have "authorized clients" for our web service, so ideally the filter would help detect clients that aren't authorized or behave improperly, or detect multiple people using the same account. Also we need a way to prevent ...
How could I know that a lot of requests in a short period of time come from a DoS attack and not from normal browser requests? ...
So this is more of a general question on the best practice of preventing DoS attacks, I'm just trying to get a grasp on how most people handle malicious requests from the same IP address which is the problem we are currently having. I figure it's better to block the IP of a truly malicious IP as high up as possible as to prevent using ...
I'm developing a website and am sensitive to people screen scraping my data. I'm not worried about scraping one or two pages -- I'm more concerned about someone scraping thousands of pages as the aggregate of that data is much more valuable than a small percentage would be. I can imagine strategies to block users based on heavy traffic...
Hi everyone. I'm building a WCF Service that uses Custom Username/Password validation on netTcpBinding with message level security. I've been researching MaxReceivedMessageSize settings and I've got a query of a rather technical nature. I've noticed that when you specify a custom username validator that it gets called deep inside the pl...
It seems most people advice going with some sort of hardware solution in load balancers for DOS attacks. I notice if you try to do a curl on any major/semi-major website you get a 301. For someone with a modest budget, what's the best way to protect against DOS attacks in rails, if there is no solid solution, what's the 2nd best thing s...
I've notice some strange behaviour on my Drupal site. I like to understand the data I'm looking at before I take action so that I don't waste time pursuing the wrong measures, but I'm lacking security knowledge to interpret. A single account has made many odd repeat requests, including attempting to reach the edit profile page, logging...