what is the better way to protect my server from DDos Attack
Post 302213476 by lunc on Thursday 10th of July 2008 07:26:51 AM
Hi!

First of all, you should determine which kind of DDoS you are suffering from. The most common DDoS types (by OSI level):

1) Network (bandwidth limits). A number of DDoS agents can send you an enormous number of arbitrary packets. It doesn't matter whether your server rejects them or not; the point of such an attack is exhausting your bandwidth. Usually, web-hosting providers that specialize in anti-DDoS services provide network channels with very high bandwidth.

2) Transport (for example, SYN flood). There are a lot of solutions: Cisco routers with special DDoS prevention functionality, SYN cookies in your OS kernel, etc. A reverse-proxy farm could also help in this case.

3) Application (DDoS targeted at an application service like an HTTP server). In the general case this kind of attack is the same as a flash event, when your service has an enormous number of _valid_ users as a result of, for example, excellent advertising or a flash mob. However:

a) It is possible to dynamically drop the subnetworks that flood the most by simply measuring the number of requests from each subnetwork (Cisco also has such solutions on routers). However, this solution will work badly if the DDoS agents are Internet-propagated trojans, since a lot of Internet networks will be infected and involved in the attack. In that case such a solution will block a lot of subnetworks or won't block anything (depending on the sensitivity of the DDoS sensors).

b) Such a system (described in the previous point) could have some service semantics in its sensors. For example, it can cluster possible DDoS zombie subnetworks by a number of heuristics, like the value of heavy requests, the ratio of requests to received responses, request signatures and so on. By correlating these parameters such a system can block DDoS requests more precisely. I don't know of any market solutions of this kind. My company provides such solutions only on individual client request...

So DDoS prevention is quite a complex problem which also requires complex measures.
lunc
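
The difference between points (a) and (b) of the post above, as an added example that is not part of lunc's post: per-subnet request counting compared with a sensor that flags a subnet only when several heuristics agree. The record format `(ip, path, user_agent, completed)`, the `HEAVY_PATHS` set, all thresholds and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

HEAVY_PATHS = {"/search", "/export"}  # assumption: endpoints that are expensive to serve

def subnet_of(ip, prefix=24):
    """Map a client address to its enclosing subnet (198.51.100.7 -> 198.51.100.0/24)."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def subnet_features(records):
    """Aggregate per-subnet features from (ip, path, user_agent, completed) records."""
    groups = defaultdict(list)
    for ip, path, agent, completed in records:
        groups[subnet_of(ip)].append((path, agent, completed))
    features = {}
    for net, reqs in groups.items():
        n = len(reqs)
        signatures = Counter((path, agent) for path, agent, _ in reqs)
        features[net] = {
            "requests": n,
            "heavy_ratio": sum(p in HEAVY_PATHS for p, _, _ in reqs) / n,
            "unread_ratio": sum(not done for _, _, done in reqs) / n,
            "top_signature_share": signatures.most_common(1)[0][1] / n,
        }
    return features

def flag_by_rate(features, max_requests):
    """Approach (a): flag every subnet whose request count exceeds one threshold."""
    return {net for net, f in features.items() if f["requests"] > max_requests}

def flag_by_correlation(features, min_requests=5, min_hits=2):
    """Approach (b): flag a subnet only when at least min_hits heuristics agree."""
    flagged = set()
    for net, f in features.items():
        hits = ((f["heavy_ratio"] > 0.8) + (f["unread_ratio"] > 0.5)
                + (f["top_signature_share"] > 0.9))
        if f["requests"] >= min_requests and hits >= min_hits:
            flagged.add(net)
    return flagged

def sample_records():
    """Constructed traffic: one busy legitimate subnet and three low-rate zombie subnets."""
    pages = ["/", "/news", "/about", "/search"]
    legit = [(f"192.0.2.{i % 20 + 1}", pages[i % 4], f"Browser/{i % 5}", True)
             for i in range(40)]
    bots = [(f"{net}.{i + 1}", "/search", "Mozilla/4.0", i % 4 == 0)
            for net in ("198.51.100", "203.0.113", "198.18.7") for i in range(12)]
    return legit + bots
```

On this sample, a rate threshold of 30 flags only the legitimate subnet and a threshold of 10 flags all four, while the correlated check flags the three zombie subnets and leaves the busy legitimate one alone.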