Solved

TCP / Denial of Service

Posted on 2009-05-18
3
271 Views
Last Modified: 2012-05-07
Experts -
Can anybody give me some techniques that are used to protect Denial of Service type attacks against a host based application running on a Unix server? I keep reading about TCP wrapping, but can anybody tell me in simplest terms possible (preferably no links) how tcp wrapping protects systems against Denail of Service. is tcp wrapping the most effective method to prvent DoS or are there better alternatives? If so could you point me in their direction  for further reading...
0
Comment
Question by:pma111
3 Comments
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 200 total points
ID: 24409718
Another way would be the use of Connection Throttling facility that come built-into IPTables in the Linux kernel in that you can determine a sessin limit which counts the incoming connections and will not accept mrore then some predefinec connections be open at a time such that:

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 200 -j DROP


These commands will reject more than 200 hits/ minutes to a HTTP port of a server.
 
Cheers,
K.
 
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 150 total points
ID: 24409823
TCP wrapping adds overhead to the processing of each packet.  
WHat you are doing is adding an extra level of checks to each incoming packet before it is delivered to the web server.  
This can be used to filter for DoS attacks but can also increse the chance of being hit by one as if the attack is a stream of hits in very fast sucession floodig the server you may find it now takes less hit as you are spending extra time filtering them.

KeremE's lines above are better.  This is using Iptables for the same thing but will result in less overhead.

...And... better still use a firewall that has protection built in.  This would be more expensive but would lead to a more stable / safer platform.
It depends on how serious this issue is.   You need to weigh up the cost of these measures (both in hard money and in CPU time) and compare that to how important your service is to keep running.  How much does your company loose if the web site is down for 1 minute or 1 hour ?  Does it make a hardware solution viable ?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 150 total points
ID: 24409906
Many ways:
1) set somaxconn to high value to keep connections in queue while apps are slow to proceed
2) Syncookies - dont do queue, just crypto checksums on incoming packets
3) Filtered sockets - they enter queue of application only when (HTTP) data received.

For 2 Linux the best
For 3 FreeBSD
1 is universal

0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linux :how to provide sudo access to the user 13 106
Move nodes from one TSM to another. 3 87
Expand a partition in Centos 7 Linux with Virtualmin 1 68
centos commands 6 67
A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question