Not easy, but iptables and tarpits can come to the rescue, because worms work in a specific top layer, the software layer, and the weak side of the worm is the OS level; read: http://www.nbs-system.com/blog/ddos_counter_measures.html (link article philip)
polonus
There is a combination of measures that can be taken, IDS like specific Snort IDS rules such as
http://code.google.com/p/hackfest/source/browse/snort/rules/ddos.rules?repo=realtime&r=41b25fc2e260379104c3bd16cfd67dfd0d1a8486&spec=svn.realtime.41b25fc2e260379104c3bd16cfd67dfd0d1a8486 link author = michael
Interesting analysis of the tool and the corresponding Snort sigs: http://blog.spiderlabs.com/2011/01/loic-ddos-analysis-and-detection.html
Article submitted by Rodrigo Montoro
This in combination with the mod_evasive module, for instance: http://www.helicontech.com/articles/prevent-dos-attacks-with-helicon-ape-mod_evasive-module/
There are five directives to be configured to protect against DoS from blacklisted IPs.
- DOSPageInterval: Sets the minimum accessible interval between two requests to a page from the same IP.
- DOSSiteInterval: Sets a minimum accessible interval between two requests to a site from the same IP.
- DOSPageCount: Sets the limit for the number of too-short requests to the same page.
- DOSSiteCount: Sets the limit for the number of too-short requests to the same site.
- DOSBlockingPeriod: How long a bad IP should be blocked.
polonus
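As an added illustration (not code from the post above or from the mod_evasive project itself), here is a small Python model of how those five directives interact: per-page and per-site hit counts inside an interval, and a blocking period once either limit is exceeded. The threshold values and the sample traffic are constructed for the demo and are not mod_evasive defaults.

```python
# Thresholds named after the directives above; values chosen for this demo (assumption).
DOS_PAGE_INTERVAL = 1.0     # seconds: window for repeated hits on one page
DOS_PAGE_COUNT = 2          # same-page hits tolerated inside that window
DOS_SITE_INTERVAL = 1.0     # seconds: window for hits anywhere on the site
DOS_SITE_COUNT = 50         # site-wide hits tolerated inside that window
DOS_BLOCKING_PERIOD = 10.0  # seconds an offending IP stays blocked

def _bump(table, key, ts, interval):
    # Count a hit; restart the count when the previous hit falls outside the window.
    last, count = table.get(key, (ts, 0))
    count = count + 1 if ts - last <= interval else 1
    table[key] = [ts, count]
    return count

class EvasiveFilter:
    def __init__(self):
        self.page_hits = {}  # (ip, uri) -> [last_ts, count]
        self.site_hits = {}  # ip -> [last_ts, count]
        self.blocked = {}    # ip -> time the block expires

    def check(self, ip, uri, ts):  # -> 'allow' or 'block'; ts in seconds
        expiry = self.blocked.get(ip)
        if expiry is not None:
            if ts < expiry:
                self.blocked[ip] = ts + DOS_BLOCKING_PERIOD  # hits during a block extend it
                return "block"
            del self.blocked[ip]
        page_count = _bump(self.page_hits, (ip, uri), ts, DOS_PAGE_INTERVAL)
        site_count = _bump(self.site_hits, ip, ts, DOS_SITE_INTERVAL)
        if page_count > DOS_PAGE_COUNT or site_count > DOS_SITE_COUNT:
            self.blocked[ip] = ts + DOS_BLOCKING_PERIOD
            return "block"
        return "allow"

# Constructed sample traffic (timestamp, client IP, URI): 198.51.100.7 hammers
# one page while 203.0.113.9 browses normally and must stay unaffected.
SAMPLE_REQUESTS = [
    (0.0, "198.51.100.7", "/index.html"),
    (0.2, "198.51.100.7", "/index.html"),
    (0.4, "198.51.100.7", "/index.html"),   # third hit inside 1 s -> blocked
    (0.5, "198.51.100.7", "/about.html"),   # still inside the blocking period
    (0.9, "203.0.113.9", "/contact.html"),
    (12.0, "198.51.100.7", "/index.html"),  # block expired -> allowed again
]

def run_sample():
    # Feed the sample through one filter; returns (ip, uri, decision) per request.
    f = EvasiveFilter()
    return [(ip, uri, f.check(ip, uri, ts)) for ts, ip, uri in SAMPLE_REQUESTS]
```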
http://www.apache.org/.
A DDoS, or ‘Distributed Denial-of-Service attack’, is basically similar to when a site gets flooded by too many users, using the server’s bandwidth to the max and causing a freeze.
Often used by large collections of single-user computers which have been compromised, formed into a ‘Bot’ or ‘BotNet’.
The simplest evasive tactic I’ve come across is to have a backup cloned server with a different IP address which immediately restores the site, leaving experts to backtrack the DDoS attack, with time to process incoming data, on the attacked server.
A malware-teaching website, http://www.malwareremoval.com, explained this tactic for avoiding DDoS attacks while getting on with their business.