Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: what is the better way to protect my server from DDos Attack
Special Forums Cybersecurity what is the better way to protect my server from DDos Attack Post 302213476 by lunc on Thursday 10th of July 2008 07:26:51 AM
Old 07-10-2008
Hi!

First of all you should determine from which kind of DDoS you suffer. The most common DDoS types (by OSI levels):

1) Network (bandwidth limits). The number of DDoS agents can send you enormous number of any packets. It's no matter whether your server reject them or not, the meaning of such attack is exhasting of you bandwidth. Usually, web-hosting providers, which specializes on anti DDoS services, provides network chanels with very high network badwidth.

2) Transport (for example SYN flood). There is a lot of solutions: Cisco routers with special DDoS prevention functionality, SYN cookies in your OS kernel etc. Also a reverse-proxies farm could help in this case.

3) Application (DDoS targeted on application service like HTTP server). In general case this kind of attack is the same as flush event, when your service has enormous number of _valid_ users as a result of, for example, excelent advertising or flash mob. However:

a) it is possibly to drop dynamicly the most flodive subnetworks by simple measuring of number of requests from the subnetwork (Cisco also has such solutions on routers). However, this solution will work badly if DDoS agents are internet propagated trojans, so a lot of internet networks will infected and involved into the attack. By this way such solution will block a lot of sub-network or won't blok anything (depending on sensitivity of DDoS sensors).

b) such system (desribed in previous point) could has some service semantics in its sensors. For example, it can make clustering of posible DDoS zombie sub-networks by number of heurisics like value of heavy requests, ratio of requests to received responses, requests signatures and so on. By corelating of these parameters such system can block DDoS requests more precisely. I don't know about market solutions of such systems. My company provides such solutions only by individual clients requests...

So DDoS prevention is quite complex problem which requires also complex measures.
lunc
 

7 More Discussions You Might Find Interesting

1. Cybersecurity

DDoS Simulation Tools

are there any popular DDoS simulation tools to test my own infrastructure? Anyone tried to setup all these in AWS EC2? (1 Reply)
Discussion started by: boriskong
1 Replies

2. Linux

Binary files damaged after attack on the server

Hello, a few days ago (June 19) a server that I manage has suffered an attack. Analyzing the log I discovered that there were several attempts to access a web scanner called w00tw00t.at.ISC.SANS.DFind I set the firewall to prevent further visits from this scanner. The problem is that the... (3 Replies)
Discussion started by: viessenetwork
3 Replies

3. Ubuntu

Problem in Postfix server/is my server got some attack

Hi Friends, This is logs of my mail log: mail for yahoo.com.tw is using up 4001 of 6992 active queue entries : 1 Time(s) mail for yahoo.com.tw is using up 4001 of 7018 active queue entries : 1 Time(s) mail for yahoo.com.tw is using up 4001 of 7072 active queue entries : 1 Time(s) ... (1 Reply)
Discussion started by: darakas
1 Replies

4. Cybersecurity

DDoS and brute force attack

How to protect DDoS and brute force attack. I want to secure my server and block attacker. (1 Reply)
Discussion started by: romanepo
1 Replies

5. Emergency UNIX and Linux Support

DDOS attack please help!

Dear community, my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql. I identified the IPs who attack me and block it through iptable firewall from debian. Something like: iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies

6. UNIX for Advanced & Expert Users

Anti ddos shell script, is it useful?

Hi guys, just need a opinion from you. I found anti ddos script from github Script What is your opinion about it? Is it usefull? Do you have some similar? I want to protect my servers on all levels, why not in the servers via script. I assume I must fix this script to be useful for me, but... (1 Reply)
Discussion started by: tomislav91
1 Replies

7. What is on Your Mind?

Revive Ad Server MySQL Injection Attack

No rest for the weary, a Revive Ad Server I am responsible for experienced a MySQL injection attack due to a vulnerability uncovered in the past few months. I was busy developing Vue.js code for the forums and thought to myself "I will get around to upgrading to Revive 4.2.0 (supposedly the... (0 Replies)
Discussion started by: Neo
0 Replies

LEARN ABOUT ULTRIX

talkd

talkd(8c)																 talkd(8c)

Name
       talkd - inter-terminal communications server

Syntax
       /etc/talkd

Description
       The  program  is  the  server  for the program.	The server provides a rendezvous method for the requesting (possibly remote) and the local
       responding

       The server is invoked by when it receives a packet on the port indicated in the talk service specification.

Restrictions
       The server does not strictly follow network byte order in its packet format and may have difficulty in talking with implementations  of	on
       other architectures that do not take this into account.

       The  version  of  released  with ULTRIX V3.0 uses a protocol that is incompatible with the protocol used in earlier versions. Starting with
       ULTRIX V3.0, the program communicates with other machines running ULTRIX, V3.0 (and later), and machines running 4.3  BSD  or  versions	of
       UNIX based on 4.3 BSD.

       The command is not 8-bit clean. Typing in DEC Multinational Characters (DECMCS) causes the characters to echo as a sequence of a carets (^)
       followed by the character represented with its high bit cleared. This limitation makes unusable if you want to communicate using a language
       which has DECMCS characters in its alphabet.

See Also
       talk(1), services(5), inetd(8c), ntalkd(8c)

																	 talkd(8c)
All times are GMT -4. The time now is 08:17 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy