what is the better way to protect my server from DDos Attack Post: 302213476

Sponsored Content

Special Forums Cybersecurity what is the better way to protect my server from DDos Attack Post 302213476 by lunc on Thursday 10th of July 2008 07:26:51 AM

07-10-2008

lunc

Guest

Hi!

First of all you should determine from which kind of DDoS you suffer. The most common DDoS types (by OSI levels):

1) Network (bandwidth limits). The number of DDoS agents can send you enormous number of any packets. It's no matter whether your server reject them or not, the meaning of such attack is exhasting of you bandwidth. Usually, web-hosting providers, which specializes on anti DDoS services, provides network chanels with very high network badwidth.

2) Transport (for example SYN flood). There is a lot of solutions: Cisco routers with special DDoS prevention functionality, SYN cookies in your OS kernel etc. Also a reverse-proxies farm could help in this case.

3) Application (DDoS targeted on application service like HTTP server). In general case this kind of attack is the same as flush event, when your service has enormous number of _valid_ users as a result of, for example, excelent advertising or flash mob. However:

a) it is possibly to drop dynamicly the most flodive subnetworks by simple measuring of number of requests from the subnetwork (Cisco also has such solutions on routers). However, this solution will work badly if DDoS agents are internet propagated trojans, so a lot of internet networks will infected and involved into the attack. By this way such solution will block a lot of sub-network or won't blok anything (depending on sensitivity of DDoS sensors).

b) such system (desribed in previous point) could has some service semantics in its sensors. For example, it can make clustering of posible DDoS zombie sub-networks by number of heurisics like value of heavy requests, ratio of requests to received responses, requests signatures and so on. By corelating of these parameters such system can block DDoS requests more precisely. I don't know about market solutions of such systems. My company provides such solutions only by individual clients requests...

So DDoS prevention is quite complex problem which requires also complex measures.

lunc

7 More Discussions You Might Find Interesting

1. Cybersecurity

DDoS Simulation Tools

are there any popular DDoS simulation tools to test my own infrastructure? Anyone tried to setup all these in AWS EC2?

2. Linux

Binary files damaged after attack on the server

Hello, a few days ago (June 19) a server that I manage has suffered an attack. Analyzing the log I discovered that there were several attempts to access a web scanner called w00tw00t.at.ISC.SANS.DFind I set the firewall to prevent further visits from this scanner. The problem is that the...

3. Ubuntu

Problem in Postfix server/is my server got some attack

Hi Friends, This is logs of my mail log: mail for yahoo.com.tw is using up 4001 of 6992 active queue entries : 1 Time(s) mail for yahoo.com.tw is using up 4001 of 7018 active queue entries : 1 Time(s) mail for yahoo.com.tw is using up 4001 of 7072 active queue entries : 1 Time(s) ...

4. Cybersecurity

DDoS and brute force attack

How to protect DDoS and brute force attack. I want to secure my server and block attacker.

5. Emergency UNIX and Linux Support

DDOS attack please help!

Dear community, my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql. I identified the IPs who attack me and block it through iptable firewall from debian. Something like: iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP This...

6. UNIX for Advanced & Expert Users

Anti ddos shell script, is it useful?

Hi guys, just need a opinion from you. I found anti ddos script from github Script What is your opinion about it? Is it usefull? Do you have some similar? I want to protect my servers on all levels, why not in the servers via script. I assume I must fix this script to be useful for me, but...

7. What is on Your Mind?

Revive Ad Server MySQL Injection Attack

No rest for the weary, a Revive Ad Server I am responsible for experienced a MySQL injection attack due to a vulnerability uncovered in the past few months. I was busy developing Vue.js code for the forums and thought to myself "I will get around to upgrading to Revive 4.2.0 (supposedly the...

LEARN ABOUT NETBSD

nfsd

NFSD(8) 						    BSD System Manager's Manual 						   NFSD(8)

NAME

     nfsd -- remote NFS server

SYNOPSIS

     nfsd [-6rut] [-n num_threads]

DESCRIPTION

     nfsd runs on a server machine to service NFS requests from client machines.  At least one nfsd must be running for a machine to operate as a
     server.

     Unless otherwise specified, four servers for UDP transport are started.

     The following options are available:

     -r      Register the NFS service with rpcbind(8) without creating any servers.  This option can be used along with the -u or -t options to
	     re-register NFS if the portmap server is restarted.

     -n      Specifies how many server threads to create.  The default is 4.  A server should run enough threads to handle the maximum level of
	     concurrency from its clients.

     -6      Listen to IPv6 requests as well as IPv4 requests. If IPv6 support is not available, nfsd will silently continue and just use IPv4.

     -t      Serve TCP NFS clients.

     -u      Serve UDP NFS clients.

     For example, ``nfsd -t -u -n 6'' serves UDP and TCP transports using six threads.

     nfsd listens for service requests at the port indicated in the NFS server specification; see Network File System Protocol Specification, RFC
     1094 and NFS: Network File System Version 3 Protocol Specification.

     The nfsd utility exits 0 on success, and >0 if an error occurs.

SEE ALSO

     nfsstat(1), nfssvc(2), mountd(8), rpcbind(8)

HISTORY

     The nfsd utility first appeared in 4.4BSD.

BSD
								  March 17, 2008							       BSD