Our web server is presently undergoing what is known as a “Slow and Low” denial of service attack. In this type of attack, someone initiates a large number of connections from sources which are very slow. This limits our server’s ability to finish a connection, and so it eats up all available connections. To counter this we’ve greatly increased the number of connections available, but it still eats up a lot of memory, forcing cached data out, so the system must go to disk for most requests, which slows things down. Unfortunately our router decided to pick this time for a firmware upgrade, so traffic analysis is not available until the upgrade completes and we can’t readily identify and lock out the source.
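
One way to spot the sources holding connections open from the server side, shown as an added example that is not part of the original notice. The record layout, thresholds and sample addresses are constructed assumptions; feed it whatever per-connection data your server's status output or socket table provides.

```python
from collections import defaultdict

# Constructed sample snapshot of open connections (hypothetical layout):
# (source_ip, seconds_open, bytes_received, request_complete)
SAMPLE_CONNECTIONS = [
    ("198.51.100.7", 240, 310, False),
    ("198.51.100.7", 235, 298, False),
    ("198.51.100.7", 250, 305, False),
    ("198.51.100.7", 228, 290, False),
    ("203.0.113.20", 2, 512, True),
    ("203.0.113.20", 95, 180000, False),  # slow link, but really transferring data
    ("192.0.2.44", 1, 420, True),
    ("192.0.2.44", 310, 120, False),      # one stalled client, not a pattern
]


def slow_sources(conns, min_age=60, max_rate=50.0, min_conns=3):
    """Return {ip: count} for sources holding at least min_conns connections
    that are unfinished, at least min_age seconds old, and receiving fewer
    than max_rate bytes per second."""
    counts = defaultdict(int)
    for ip, age, nbytes, complete in conns:
        if complete or age < min_age:
            continue  # finished or still young: normal traffic
        rate = nbytes / max(age, 1)  # guard against a zero-second age
        if rate < max_rate:
            counts[ip] += 1
    # A single stalled connection is common; many from one source is the signal.
    return {ip: n for ip, n in counts.items() if n >= min_conns}


if __name__ == "__main__":
    for ip, n in sorted(slow_sources(SAMPLE_CONNECTIONS).items()):
        print(f"{ip}: {n} slow unfinished connections")
```

Counting per source rather than flagging every slow connection keeps ordinary clients on poor links from being locked out along with the attacker.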
