Solved

TCP / Denial of Service

Posted on 2009-05-18
Last Modified: 2012-05-07
Experts -
Can anybody give me some techniques that are used to protect against Denial of Service type attacks against a host-based application running on a Unix server? I keep reading about TCP wrapping, but can anybody tell me in the simplest terms possible (preferably no links) how TCP wrapping protects systems against Denial of Service? Is TCP wrapping the most effective method to prevent DoS, or are there better alternatives? If so, could you point me in their direction for further reading...
0
Question by:pma111
3 Comments
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 200 total points
ID: 24409718
Another way would be to use the Connection Throttling facility that comes built into IPTables in the Linux kernel: you can set a session limit that counts the incoming connections and will not accept more than some predefined number of connections being open at a time, like this:

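# Record the source address of each new connection to port 80 in the "recent" list.
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
  --set

# Drop new port-80 connections from a source address seen 200 or more times
# in the last 60 seconds.
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 200 -j DROP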


These commands will reject more than 200 hits/minute to an HTTP port of a server.
 
Cheers,
K.
 
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 150 total points
ID: 24409823
TCP wrapping adds overhead to the processing of each packet.
What you are doing is adding an extra level of checks to each incoming packet before it is delivered to the web server.
This can be used to filter for DoS attacks but can also increase the chance of being hit by one: if the attack is a stream of hits in very fast succession flooding the server, you may find it now takes fewer hits, as you are spending extra time filtering them.

KeremE's lines above are better.  This is using Iptables for the same thing but will result in less overhead.

...And... better still use a firewall that has protection built in.  This would be more expensive but would lead to a more stable / safer platform.
It depends on how serious this issue is. You need to weigh up the cost of these measures (both in hard money and in CPU time) and compare that to how important your service is to keep running. How much does your company lose if the web site is down for 1 minute or 1 hour? Does it make a hardware solution viable?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 150 total points
ID: 24409906
Many ways:
1) set somaxconn to a high value to keep connections in queue while apps are slow to proceed
2) Syncookies - don't do queue, just crypto checksums on incoming packets
3) Filtered sockets - they enter queue of application only when (HTTP) data received.

For 2, Linux is the best
For 3, FreeBSD
1 is universal

0
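
An added example, not part of gheist's answer or of the thread: a shell check for options 1 and 2 on a Linux host, reading net.core.somaxconn and net.ipv4.tcp_syncookies from /proc/sys. The function names, the PROC_SYS override and the 1024 threshold used for "high" are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the two Linux kernel settings named in options 1 and 2.
# PROC_SYS and MIN_SOMAXCONN are assumptions of this example, not values from the thread.
PROC_SYS="${PROC_SYS:-/proc/sys}"
MIN_SOMAXCONN="${MIN_SOMAXCONN:-1024}"

# Print the value stored in a sysctl file, or "missing" if it cannot be read.
read_sysctl() {
    if [ -r "$PROC_SYS/$1" ]; then
        tr -d ' \t\n' < "$PROC_SYS/$1"
    else
        printf 'missing'
    fi
}

# Print one finding per setting; return 0 if both pass, 1 otherwise.
audit_tcp_dos_settings() {
    rc=0
    somaxconn=$(read_sysctl net/core/somaxconn)
    syncookies=$(read_sysctl net/ipv4/tcp_syncookies)

    # Option 1: the accept-queue ceiling should be at least MIN_SOMAXCONN.
    case "$somaxconn" in
        ''|*[!0-9]*) echo "FAIL somaxconn: unreadable ($somaxconn)"; rc=1 ;;
        *)  if [ "$somaxconn" -ge "$MIN_SOMAXCONN" ]; then
                echo "OK   somaxconn=$somaxconn"
            else
                echo "FAIL somaxconn=$somaxconn (< $MIN_SOMAXCONN)"; rc=1
            fi ;;
    esac

    # Option 2: 1 = SYN cookies when the SYN queue overflows, 2 = always, 0 = off.
    case "$syncookies" in
        1|2) echo "OK   tcp_syncookies=$syncookies" ;;
        0)   echo "FAIL tcp_syncookies=0 (SYN cookies disabled)"; rc=1 ;;
        *)   echo "FAIL tcp_syncookies: unreadable ($syncookies)"; rc=1 ;;
    esac
    return $rc
}
```

Source the file and call audit_tcp_dos_settings; a non-zero return means at least one of the two settings needs attention.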
