Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: what is the better way to protect my server from DDos Attack
Special Forums Cybersecurity what is the better way to protect my server from DDos Attack Post 302213476 by lunc on Thursday 10th of July 2008 07:26:51 AM
Old 07-10-2008
Hi!

First of all you should determine from which kind of DDoS you suffer. The most common DDoS types (by OSI levels):

1) Network (bandwidth limits). The number of DDoS agents can send you enormous number of any packets. It's no matter whether your server reject them or not, the meaning of such attack is exhasting of you bandwidth. Usually, web-hosting providers, which specializes on anti DDoS services, provides network chanels with very high network badwidth.

2) Transport (for example SYN flood). There is a lot of solutions: Cisco routers with special DDoS prevention functionality, SYN cookies in your OS kernel etc. Also a reverse-proxies farm could help in this case.

3) Application (DDoS targeted on application service like HTTP server). In general case this kind of attack is the same as flush event, when your service has enormous number of _valid_ users as a result of, for example, excelent advertising or flash mob. However:

a) it is possibly to drop dynamicly the most flodive subnetworks by simple measuring of number of requests from the subnetwork (Cisco also has such solutions on routers). However, this solution will work badly if DDoS agents are internet propagated trojans, so a lot of internet networks will infected and involved into the attack. By this way such solution will block a lot of sub-network or won't blok anything (depending on sensitivity of DDoS sensors).

b) such system (desribed in previous point) could has some service semantics in its sensors. For example, it can make clustering of posible DDoS zombie sub-networks by number of heurisics like value of heavy requests, ratio of requests to received responses, requests signatures and so on. By corelating of these parameters such system can block DDoS requests more precisely. I don't know about market solutions of such systems. My company provides such solutions only by individual clients requests...

So DDoS prevention is quite complex problem which requires also complex measures.
lunc
 

7 More Discussions You Might Find Interesting

1. Cybersecurity

DDoS Simulation Tools

are there any popular DDoS simulation tools to test my own infrastructure? Anyone tried to setup all these in AWS EC2? (1 Reply)
Discussion started by: boriskong
1 Replies

2. Linux

Binary files damaged after attack on the server

Hello, a few days ago (June 19) a server that I manage has suffered an attack. Analyzing the log I discovered that there were several attempts to access a web scanner called w00tw00t.at.ISC.SANS.DFind I set the firewall to prevent further visits from this scanner. The problem is that the... (3 Replies)
Discussion started by: viessenetwork
3 Replies

3. Ubuntu

Problem in Postfix server/is my server got some attack

Hi Friends, This is logs of my mail log: mail for yahoo.com.tw is using up 4001 of 6992 active queue entries : 1 Time(s) mail for yahoo.com.tw is using up 4001 of 7018 active queue entries : 1 Time(s) mail for yahoo.com.tw is using up 4001 of 7072 active queue entries : 1 Time(s) ... (1 Reply)
Discussion started by: darakas
1 Replies

4. Cybersecurity

DDoS and brute force attack

How to protect DDoS and brute force attack. I want to secure my server and block attacker. (1 Reply)
Discussion started by: romanepo
1 Replies

5. Emergency UNIX and Linux Support

DDOS attack please help!

Dear community, my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql. I identified the IPs who attack me and block it through iptable firewall from debian. Something like: iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies

6. UNIX for Advanced & Expert Users

Anti ddos shell script, is it useful?

Hi guys, just need a opinion from you. I found anti ddos script from github Script What is your opinion about it? Is it usefull? Do you have some similar? I want to protect my servers on all levels, why not in the servers via script. I assume I must fix this script to be useful for me, but... (1 Reply)
Discussion started by: tomislav91
1 Replies

7. What is on Your Mind?

Revive Ad Server MySQL Injection Attack

No rest for the weary, a Revive Ad Server I am responsible for experienced a MySQL injection attack due to a vulnerability uncovered in the past few months. I was busy developing Vue.js code for the forums and thought to myself "I will get around to upgrading to Revive 4.2.0 (supposedly the... (0 Replies)
Discussion started by: Neo
0 Replies

LEARN ABOUT PHP

mountd

mountd(1M)																mountd(1M)

NAME

       mountd - server for NFS mount requests and NFS access checks

SYNOPSIS

       /usr/lib/nfs/mountd [-v] [-r]

       mountd  is  an  RPC  server  that  answers  requests  for  NFS  access  information  and  file  system  mount  requests.  It reads the file
       /etc/dfs/sharetab to determine which file systems are available for mounting by which remote machines. See sharetab(4). nfsd running on the
       local  server  will  contact mountd the first time an NFS client tries to access the file system to determine whether the client should get
       read-write, read-only, or no access. This access can be dependent on the security mode used in the remoted procedure call from the  client.
       See share_nfs(1M).

       The command also provides information as to what file systems are mounted by which clients. This information can be printed using the show-
       mount(1M) command.

       The mountd daemon is automatically invoked by share(1M).

       Only super user can run the mountd daemon.

       The options shown below are supported for NVSv2/v3 clients. They are not supported for Solaris NFSv4 clients.

       -r	Reject mount requests from clients. Clients that have file systems mounted will not be affected.

       -v	Run the command in verbose mode. Each time mountd determines what access a client should get, it will log the result to  the  con-
		sole, as well as how it got that result.

       /etc/dfs/sharetab       shared file system table

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWnfssu 		   |
       +-----------------------------+-----------------------------+

       nfsd(1M), share(1M), share_nfs(1M), showmount(1M), nfs(4), sharetab(4), attributes(5)

       Since  mountd  must  be	running for nfsd to function properly, mountd is automatically started by the svc:/network/nfs/server service. See
       nfs(4).

       Some routines that compare hostnames use case-sensitive string comparisons; some do not. If an incoming request fails, verify that the case
       of the hostname in the file to be parsed matches the case of the hostname called for, and attempt the request again.

								    27 Apr 2005 							mountd(1M)
All times are GMT -4. The time now is 07:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy