Code Red?

I've got a server getting absolutely hammered with ddos attacks. The requests are coming from all over the map, so I'm guessing the ip's are spoofed.
The files requested are cmd.exe and root.exe...but it's a Linux box. This is killing Apache. It keeps dying, then comes up, only to get hammered again.

Does anyone have ANY ideas on what I can do? I'm tailing the error_log and adding those ips to hosts.deny, but I'm guessing that's not doing much good.

The really weird part is that this isn't aimed against any one site or ip. It's going thru each virtual site, somehow.

 

 

 

 

Top