Protecting against Keep-Dead Denial of service

security ddos denial-of-service

Solution 1:

Disable HTTP keep-alive, or install a server that isn't effected by this as a proxy in front of Apache. Nginx would be a good choice here.

This attack appears to be similar to the Slowloris attack, in that it exploits a specific feature of Apache. It's pretty trivial to defend against.

Note: If you install nginx, disable keep-alive on apache, and keep it enabled on nginx.

Solution 2:

Keep-Dead works by sending HEAD requests while keeping the TCP connection alive (Keep-Alive, thus the name of the script). That is probably quite distinct from legit requests to your webserver that would probably mostly be POST/GET. Ask your IDS/IPS to detect numerous HEAD requests within a short timespan and do what's appropriate.

Related

What is a modern equivalent for smokeping? [closed]
What is the best practice to keep a linux ubuntu server up to date (build packages, dist-upgrade, alt repos...)
Linux - How to tell which files are sourced at login?
How to setup a email address for a domain on Amazon EC2?
Is there a way of consolidating multiple GPOs into one GPO
DNS Lookups for local MAMP web server URL taking 5+ seconds
The RSA key container could not be opened. Windows Server 2008 R2
Is FreeNAS ready for the enterprise?
Is the Burst Laser I superior to the Dual Lasers?
Crysis crashes on Windows 8 Pro - what to do?
Can I use turrets but still get the "Ghost" experience points?
Does a hunter's machete increase damage from smite?