[Koha] any recommended best practices for handling DoS / DDoS attacks on Koha?

Scott Owen sowen at edzone.net
Tue Feb 9 02:30:32 NZDT 2016


Not really Koha specific, but, as a rule....

Work upstream, not down.
Make sure you have your Internet provider's Network Operations Center (NOC)
telephone number, and know exactly who to talk to.
If you have piles of spare cash sitting around, you could always make some
sort of deal with a second provider as a fail-safe and/or roll-over
connection.

The best way to handle a true DDoS attack is to push the offending traffic
as far away from your network/Internet connection as possible. You will
need your provider's help to do this.
Trying to block (or even succeeding at blocking) the offending traffic at a
local level doesn't really help the situation much.
You may succeed in keeping the traffic off your LAN, and your LAN may
become usable, but, if you have a forward-facing (Internet accessible)
service (like maybe Koha..), it will probably still be unusable due to the
massive amount of traffic being generated at the firewall border. Turning
off any NATs to the service is one way to make it accessible via the LAN,
but, the service will then not be accessible from the commodity/public
Internet.

At a local firewall level, a massive flood of any type of traffic (that can
pass through your firewall) is a bad, bad thing.
Your first real susceptible parameter is going to be your "connections per
second" and you'll hit that pretty quickly under any real DDoS flood, or if
you have a big-bad box and can handle the connections, you'll hit the state
table limit, no matter how high it is.

Under a true DDoS attack, your firewall is probably the weakest link, and
will be the first system to fail.
Have a good backup and if possible, have some sort of secondary connection.

On Mon, Feb 8, 2016 at 7:33 AM, Indranil Das Gupta <indradg at gmail.com>
wrote:

> Hi all,
>
> Last night I managed to DoS someone's Koha box accidentally. Of course
> I called up to inform them that they need to restart the services. But
> this set me thinking. Anyone running a crawler against the export
> options in the OPAC can DoS down a stock Koha install running on a
> VPS, by flooding it with too many requests too fast.
>
> What are the usual recommended practices to limit / mitigate / handle
> such cases?
>
> thanks in advance
>
> --
> Indranil Das Gupta
>
> Phone : +91-98300-20971
> Blog    : http://indradg.randomink.org/blog
> IRC      : indradg on irc://irc.freenode.net
> Twitter : indradg
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-
> Please exchange editable Office documents only in ODF Format. No other
> format is acceptable. Support Open Standards.
>
> For a free editor supporting ODF, please visit LibreOffice -
> http://www.documentfoundation.org
>
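
Added example, not part of the messages above and not Koha code: a small Python model of the two firewall limits the reply names ("connections per second" and the state table), showing which one a given traffic rate exceeds first. It assumes each new connection holds one state entry for a fixed timeout; the function names, limits and traffic rates are constructed for illustration.

```python
from collections import deque

def first_limit_hit(open_times, cps_limit, state_limit, state_ttl):
    """Return (limit_name, time) for the first firewall limit exceeded.

    open_times  -- sorted timestamps (seconds) of new connections
    cps_limit   -- new connections the firewall can set up per second
    state_limit -- size of the state table
    state_ttl   -- seconds one state entry lives (assumed fixed)
    Returns (None, None) if the traffic stays inside both limits.
    """
    last_second = deque()  # connection opens inside the last 1 s window
    expiries = deque()     # expiry time of every live state entry
    for t in open_times:
        while last_second and last_second[0] <= t - 1.0:
            last_second.popleft()
        while expiries and expiries[0] <= t:
            expiries.popleft()
        last_second.append(t)
        if len(last_second) > cps_limit:
            return ("connections_per_second", t)
        expiries.append(t + state_ttl)
        if len(expiries) > state_limit:
            return ("state_table", t)
    return (None, None)

def constant_rate(rate, seconds):
    """Constructed traffic: `rate` new connections per second, evenly spaced."""
    return [i / rate for i in range(int(rate * seconds) + 1)]

if __name__ == "__main__":
    flood = constant_rate(5000, 25)   # constructed flood
    normal = constant_rate(50, 60)    # constructed everyday load
    # Small firewall: the setup rate is exceeded almost at once.
    print(first_limit_hit(flood, 1000, 100_000, 30))
    # Bigger box: it keeps up with the rate, then the state table fills.
    print(first_limit_hit(flood, 50_000, 100_000, 30))
    # Everyday load stays inside both limits.
    print(first_limit_hit(normal, 1000, 100_000, 30))
```

Raising `state_limit` in the second case only moves the failure time later while the flood continues at that rate.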
