Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Denial Of Service Attack Update
The Lounge What is on Your Mind? Denial Of Service Attack Update Post 303036021 by Neo on Wednesday 12th of June 2019 04:48:43 PM
Old 06-12-2019
Denial Of Service Attack Update
Dear All,

We were hit with a denial of service (DOS) attack today beginning around June 12th 2019 @ 01:27:51 PM from an IP address registered to "RACKWEB-NET" in Bulgaria.

I was notified about this around June 12th 2019 @ 03:05 PM and did some log file analysis and discovered how the attack was happening and wrote some code to mitigate against the attack.

I think the site was down for about 1 hour and 19 minutes because of the attack.

The code I wrote will filter against these kinds of DOS attacks in the future.

Thank you for your support,

Neo

EDIT: In addition to the PHP changes, I made some changes to the DB configuration as well to help insure this kind of attack cannot succeed in the future.
These 9 Users Gave Thanks to Neo For This Post:
bakunin drl jim mcnamara MadeInGermany RavinderSingh13 Scrutinizer vgersh99 wisecracker Yudicoy
 

LEARN ABOUT REDHAT

sasl_client_new

sasl_client_new(21 June 2001)											     sasl_client_new(21 June 2001)

NAME

       sasl_client_new - Create a new client authentication object

SYNOPSIS

       #include <sasl/sasl.h>

       int sasl_client_new(const char *service,
		       const char *serverFQDN,
		       const char *iplocalport,
		       const char *ipremoteport,
		       const sasl_callback_t *prompt_supp,
		       unsigned secflags,
		       sasl_conn_t ** pconn);

DESCRIPTION

       sasl_client_new()  creates a new SASL context. This context will be used for all SASL calls for one connection. It handles both authentica-
       tion and integrity/encyption layers after authentication.

       service is the registered name of the service (usually the protocol name) using SASL (e.g. "imap").

       serverFQDN is the fully qualified domain name of the server (e.g. "serverhost.cmu.edu").

       iplocalport is the IP and port of the local side of the connection, or NULL.  If iplocalport  is  NULL  it  will  disable  mechanisms  that
       require	IP  address  information.   This  strings  must  be in one of the following formats: "a.b.c.d;port" (IPv4), "e:f:g:h:i:j:k:l;port"
       (IPv6), or "e:f:g:h:i:j:a.b.c.d;port" (IPv6)

       ipremoteport is the IP and port of the remote side of the connection, or NULL (see iplocalport)

       prompt_supp is a list of client interactions supported that is unique to this connection. If this parameter is NULL  the  global  callbacks
       (specified in sasl_client_init) will be used. See sasl_callback for more information.

       secflags are security flags (see below)

       pconn is the conection context allocated by the library. This structure will be used for all future SASL calls for this connection.

       Security Flags

       Security flags that may be passed to sasl_server_new() include

       SASL_SEC_NOPLAINTEXT
	       Don't permit mechanisms susceptible to simple passive attack (e.g., PLAIN, LOGIN)

       SASL_SEC_NOACTIVE
	       Protection from active (non-dictionary) attacks during authentication exchange. Authenticates server.

       SASL_SEC_NODICTIONARY
	       Don't permit mechanisms susceptible to passive dictionary attack

       SASL_SEC_FORWARD_SECURITY
	       Require forward secrecy between sessions. (breaking one won't help break next)

       SASL_SEC_NOANONYMOUS
	       Don't permit mechanisms that allow anonymous login

       SASL_SEC_PASS_CREDENTIALS
	       Require mechanisms which pass client credentials, and allow mechanisms which can pass credentials to do so.

       SASL_SEC_MAXIMUM
	       All of the above.

RETURN VALUE

       sasl_client_new	returns  an  integer  which corresponds to one of the following codes. SASL_OK is the only one that indicates success. All
       others indicate errors and should either be handled or the authentication session should be quit.

ERRORS

       SASL_OK Success

       SASL_BADPARAM
	       Error in config file or passed parameters

       SASL_NOMECH
	       No mechanism meets requested properties

       SASL_NOMEM
	       Not enough memory to complete operation

CONFORMING TO

       RFC 2222

SEE ALSO

       sasl(3), sasl_client_init(3), sasl_client_start(3), sasl_client_step(3), sasl_setprop(3)

SASL man pages							       SASL					     sasl_client_new(21 June 2001)
All times are GMT -4. The time now is 05:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy