[ILUG-BOM] How can I secure my server from DoS attack ?

Neelesh Gurjar neel.hjs at gmail.com
Tue Jun 23 16:42:44 IST 2009

I have a web server which has CentOS Linux 2.6.18-028stab059.6-ent kernel
and Apache 1.3.37 running on it.

2 days back I got a script to test a DoS attack on a website. It is called
slowloris.pl, from http://ha.ckers.org/slowloris/

I ran that script against my server and it worked. It stopped my website for
some time. At that time all other services like SSH were working fine.

Can anybody suggest any configuration changes at the Apache and OS/kernel level
to prevent this type of attack?

Currently I am using the following settings:

Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0

The kernel settings are:
tcp_keepalive_time 7200
tcp_keepalive_time 9
tcp_keepalive_intvl 75
tcp_syn_retries 5
tcp_synack_retries 5
tcp_fin_timeout 60
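
An added example, not part of the original post: a check to run on the server during such a test, to see whether a single source is holding most of the `MaxClients` worker slots. That would match the symptom described, where the website stalled while SSH kept working. The `netstat -ant` sample, the addresses and the 50% threshold are constructed assumptions.

```python
from collections import Counter

# Directives taken from the post above.
HTTPD_CONF = "Timeout 300\nKeepAlive On\nKeepAliveTimeout 5\nMaxClients 150\n"

def parse_directives(conf):
    """Return {directive: value} for simple one-value directives."""
    out = {}
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 2 and not parts[0].startswith("#"):
            out[parts[0]] = parts[1]
    return out

def established_per_source(netstat_text, port=80):
    """Count ESTABLISHED TCP connections to local `port`, keyed by remote IP."""
    counts = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        if f[3].rsplit(":", 1)[-1] == str(port):
            counts[f[4].rsplit(":", 1)[0]] += 1
    return counts

def worker_pressure(conf, netstat_text, share=0.5):
    """Return (established, MaxClients, {ip: n}) for IPs holding >= share of
    MaxClients. `share` is an assumed alert threshold, not an Apache setting."""
    max_clients = int(parse_directives(conf)["MaxClients"])
    counts = established_per_source(netstat_text)
    heavy = {ip: n for ip, n in counts.items() if n >= share * max_clients}
    return sum(counts.values()), max_clients, heavy

def sample_netstat():
    """Constructed `netstat -ant` style output using documentation addresses."""
    row = "tcp        0      0 192.0.2.10:{lp}     {rip}:{rp}     {st}"
    lines = ["tcp        0      0 0.0.0.0:80     0.0.0.0:*     LISTEN"]
    for i in range(140):  # one source holding many connections open
        lines.append(row.format(lp=80, rip="198.51.100.7", rp=40000 + i, st="ESTABLISHED"))
    for i in range(3):    # an ordinary visitor
        lines.append(row.format(lp=80, rip="203.0.113.5", rp=51000 + i, st="ESTABLISHED"))
    lines.append(row.format(lp=22, rip="203.0.113.9", rp=52222, st="ESTABLISHED"))
    lines.append(row.format(lp=80, rip="203.0.113.5", rp=51999, st="TIME_WAIT"))
    return "\n".join(lines)

if __name__ == "__main__":
    used, limit, heavy = worker_pressure(HTTPD_CONF, sample_netstat())
    print(f"{used} established connections on port 80, MaxClients {limit}")
    for ip, n in heavy.items():
        print(f"{ip} holds {n} connections ({100 * n // limit}% of MaxClients)")
```

On a live server, pass the real `netstat -ant` output and the real configuration text to `worker_pressure()` in place of the constructed sample.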


