Networking Help
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationNetworking Help

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old May 4th, 2004, 12:03 AM
SQLImpaired SQLImpaired is offline
Runs with scissors
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Feb 2004
Location: Canton, Ohio
Posts: 104 SQLImpaired User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 6
Unhappy Route incoming request to 127.0.0.1?

I remember hearing / reading that it's possible to route incoming requests from a specific IP to 127.0.0.1 to minimize the effects of 'hammering' on your server. -Am I remembering correctly or can someone perhaps point me in the right direction?

The actual issue is that I have some moron of a spammer hammering the living heck out of my Win2K server with attmepts to deliver spam. Hammering to the point that my mail server (TNSoft's mail server) is peaking at 90% CPU from time to time.

The requests are all coming from 1 of 3 IP's (blocked) but the resource usage is unacceptably high. I had read that routing requests from xxx.xxx.xxx IP(s) to 127.0.0.1 could help, but I'm afraid I have no idea of how to do this (if, in fact, the assumption is correct).

Thanks in advance for any help on this one!
__________________
--------------------------------------------
Just because you're paranoid doesn't mean
they're not out to get you.
--------------------------------------------

Reply With Quote
  #2  
Old May 4th, 2004, 07:23 AM
juniperr juniperr is offline
network dude
Dev Shed Intermediate (1500 - 1999 posts)
 
Join Date: Dec 2003
Posts: 1,698 juniperr User rank is First Lieutenant (10000 - 20000 Reputation Level)juniperr User rank is First Lieutenant (10000 - 20000 Reputation Level)juniperr User rank is First Lieutenant (10000 - 20000 Reputation Level)juniperr User rank is First Lieutenant (10000 - 20000 Reputation Level)juniperr User rank is First Lieutenant (10000 - 20000 Reputation Level)juniperr User rank is First Lieutenant (10000 - 20000 Reputation Level)juniperr User rank is First Lieutenant (10000 - 20000 Reputation Level)juniperr User rank is First Lieutenant (10000 - 20000 Reputation Level) 
Time spent in forums: 2 Weeks 4 h 54 m 26 sec
Reputation Power: 109
what do you mean they are blocked? You should be blocking this from your firewall not the server (this is also why you dont use a server with software firewall). If you dont have a firewall at the router put an ACL in there that blocks those three address' from coming in or you can route them to null0. basicly you are under a DOS attack, and can call your ISP and have that blocked from there also.

Reply With Quote
  #3  
Old May 4th, 2004, 07:54 AM
SQLImpaired SQLImpaired is offline
Runs with scissors
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Feb 2004
Location: Canton, Ohio
Posts: 104 SQLImpaired User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 6
Thanks for the reply juniperr,

Unfortunately this is on a box colocated with an ISP who doesn't provide much in the way of firewalls, etc... I agree that best practices say to put the workload of filtering on something other than the server but in this instance it's not an option I have available.

The 'blocking' that's taking place at this point is all on the mail-server side, using it's built in anti-spam features. While they work fine for refusing connections from a few IP's - or even a lot of IP's under a light load with ocassional requests - they're not coping well with a high amount of hammering. -Hence my hope for another solution (like redirecting all request from IP xxx.xxx.xxx.xxx:110/25 to 127.0.0.1 - in other words, "right-back-at-ya".

Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationNetworking Help > Route incoming request to 127.0.0.1?


Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump



 Free IT White Papers!
 
How to Present Effectively Online
This white paper offers practical and actionable advice on the key steps that any presenter should consider as they plan and execute a Webinar or online meeting.

 
Open Source Security Myths
Open Source Software (OSS) is computer software whose source code is available to the general public with relaxed or non-existent intellectual property restrictions (or arrangement such as the public domain), and is usually developed with the input of many contributors.

 
Power and Cooling Capacity Management for Data Centers
This paper describes the principles for achieving power and cooling capacity management.

 
Scalable, Fault-Tolerant NAS for Oracle - The Next Generation
For several years NAS has been evolving as a storage alternative for Oracle databases, and for good reason: NAS is quite often the simplest, most cost-effective storage approach for Oracle. Learn about the benefits that HP's approach to scalable NAS brings to Oracle environments in this comprehensive white paper.

 
Understanding Web Application Security Challenges
This white paper discusses many common threats and preventive measures for Web application security, and explains what you can do to help protect your organization.

 

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2009 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway
Stay green...Green IT