01-29-2014
DDoS is simply a way to overload services. So, to protect, you use some kind of QoS or application based limiter that slows things down when heavy traffic seems present. In some cases you may be able to figure out the DDoS and limit things specifically.
Brute force attacks are often times focused on services where a username/password are involved. Again, you'll have to craft a response to this specifically. So, if you see so many failed attempts from a source, you could issue a command to your firewall to add a rule to block that source (perhaps just temporarily). As an example of a tool to help with this, look at:
302 Found
7 More Discussions You Might Find Interesting
1. Cybersecurity
heloo
today i have DDos Attack in my server
what is the better way to secure my server from DDos Attack
i use CentOS 4&5
i try every firewall and talk to softlayer - iweb i've Tried every possible solutions but I can not find a solution to the problems
Give Me The best way plzz (4 Replies)
Discussion started by: a7medo
4 Replies
2. UNIX for Advanced & Expert Users
Hi,
I'm trying find out if there is a way to stop a brute force attack on a Webmail site. I'm trying to setup a webmail access, but I would like to prevent too many invalid logins from the same IP.
I've looked into Snort, but I was wondering if there was an application level firewall that can... (1 Reply)
Discussion started by: nitin
1 Replies
3. UNIX for Advanced & Expert Users
Im currently experiancing a brute force attack on my server
Nov 26 15:27:04 ws096 saslauthd: do_auth : auth failure:
Nov 26 15:27:13 ws096 saslauthd: do_auth : auth failure:
Nov 26 15:27:22 ws096 saslauthd: do_auth : auth failure:
Nov 26 15:27:29 ws096... (4 Replies)
Discussion started by: mcraul
4 Replies
4. Cybersecurity
are there any popular DDoS simulation tools to test my own infrastructure? Anyone tried to setup all these in AWS EC2? (1 Reply)
Discussion started by: boriskong
1 Replies
5. Shell Programming and Scripting
I want to test the effectiveness of sshguard on some of my systems so I'm trying to write a script that simulates a brute force attack by sending a bunch of different username and password combinations to the servers being tested. So far I have this:
#!/usr/local/bin/expect
set timeout 3... (5 Replies)
Discussion started by: ph0enix
5 Replies
6. Emergency UNIX and Linux Support
Dear community,
my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql.
I identified the IPs who attack me and block it through iptable firewall from debian.
Something like:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP
This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies
7. UNIX for Advanced & Expert Users
Hi guys, just need a opinion from you.
I found anti ddos script from github
Script
What is your opinion about it? Is it usefull? Do you have some similar? I want to protect my servers on all levels, why not in the servers via script.
I assume I must fix this script to be useful for me, but... (1 Reply)
Discussion started by: tomislav91
1 Replies
LEARN ABOUT OPENDARWIN
pam_fail_delay
PAM_FAIL_DELAY(3) Programmers' Manual PAM_FAIL_DELAY(3)
NAME
pam_fail_delay - request a delay on failure
SYNOPSIS
#include <security/pam_appl.h>
or,
#include <security/pam_modules.h>
int pam_fail_delay(pam_handle_t *pamh, unsigned int usec);
DESCRIPTION
It is often possible to attack an authentication scheme by exploiting the time it takes the scheme to deny access to an applicant user. In
cases of short timeouts, it may prove possible to attempt a brute force dictionary attack -- with an automated process, the attacker tries
all possible passwords to gain access to the system. In other cases, where individual failures can take measurable amounts of time (indi-
cating the nature of the failure), an attacker can obtain useful information about the authentication process. These latter attacks make
use of procedural delays that constitute a covert channel of useful information.
To minimize the effectiveness of such attacks, it is desirable to introduce a random delay in a failed authentication process. Linux-PAM
provides such a facility. The delay occurs upon failure of the pam_authenticate(3) and pam_chauthtok(3) functions. It occurs after all
authentication modules have been called, but before control is returned to the service application.
The function, pam_fail_delay(3), is used to specify a required minimum for the length of the failure-delay; the usec argument. This func-
tion can be called by the service application and/or the authentication modules, both may have an interest in delaying a reapplication for
service by the user. The length of the delay is computed at the time it is required. Its length is pseudo-gausianly distributed about the
maximum requested value; the resultant delay will differ by as much as 25% of this maximum requested value (both up and down).
On return from pam_authenticate(3) or pam_chauthtok(3), independent of success or failure, the new requested delay is reset to its default
value: zero.
EXAMPLE
For example, a login application may require a failure delay of roughly 3 seconds. It will contain the following code:
pam_fail_delay(pamh, 3000000 /* micro-seconds */ );
pam_authenticate(pamh, 0);
if the modules do not request a delay, the failure delay will be between 2.25 and 3.75 seconds.
However, the modules, invoked in the authentication process, may also request delays:
(module #1) pam_fail_delay(pamh, 2000000);
(module #2) pam_fail_delay(pamh, 4000000);
in this case, it is the largest requested value that is used to compute the actual failed delay: here between 3 and 5 seconds.
RETURN VALUE
Following a successful call to pam_fail_delay(3), PAM_SUCCESS is returned. All other returns should be considered serious failures.
ERRORS
May be translated to text with pam_strerror(3).
CONFORMING TO
Under consideration by the X/Open group for future inclusion in the PAM RFC. 1996/1/10
BUGS
none known.
SEE ALSO
pam_start(3), pam_get_item(3) and pam_strerror(3).
Also, see the three Linux-PAM Guides, for System administrators, module developers, and application developers.
Linux-PAM 0.56 1997 Jan 12 PAM_FAIL_DELAY(3)