Not really Koha specific, but, as a rule.... Work upstream, not down. Make sure you have your Internet providers Network Operations Center (NOC) telephone number, and know exactly who to talk to. If you have piles of spare cash sitting around, you could always make some sort of deal with a second provider as a fail-safe and/or roll-over connection. The best way to handle a true Ddos attack is to push the offending traffic as far away from your network/Internet connection as possible. You will need your providers help to do this. Trying to (or even succeeding) at blocking the offending traffic at a local level doesn't really help the situation much. You may succeed in keeping the traffic off your LAN, and your LAN may become usable, but, if you have a forward facing (Internet accessible) service (like maybe Koha..), it will probably still be unusable due to the massive amount of traffic being generated at the firewall border. Turning off any NAT's to the service is one way to make it accessible via the LAN, but, the service will then not be accessible from the commodity/public Internet. At a local firewall level, a massive flood of any type of traffic (that can pass through your firewall) is a bad bad thing. Your first real susceptible parameter is going to be your "connections per second" and you'll hit that pretty quickly under any real Ddos flood, or if you have a big-bad box and can handle the connections, you'll hit the state table limit, no matter how high it is. Under a true Ddos attack, your firewall is probably the weakest link, and will be the first system to fail. Have a good backup and if possible, have some sort of secondary connection. On Mon, Feb 8, 2016 at 7:33 AM, Indranil Das Gupta <indradg@gmail.com> wrote:
Hi all,
Last night I managed to DoS someone's Koha box accidentally, Of course I called up to inform them that they need to restart the services. But this set me thinking. Anyone running a crawler against the export options in the OPAC can DoS down a stock Koha install running on a VPS, by flooding it with too many requests too fast.
What are the usual recommended practises to limit / mitigate / handle such cases?
thanks in advance
-- Indranil Das Gupta
Phone : +91-98300-20971 Blog : http://indradg.randomink.org/blog IRC : indradg on irc://irc.freenode.net Twitter : indradg
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=- Please exchange editable Office documents only in ODF Format. No other format is acceptable. Support Open Standards.
For a free editor supporting ODF, please visit LibreOffice - http://www.documentfoundation.org _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha