• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 300
  • Last Modified:

TCP / Denial of Service

Experts -
Can anybody give me some techniques that are used to protect Denial of Service type attacks against a host based application running on a Unix server? I keep reading about TCP wrapping, but can anybody tell me in simplest terms possible (preferably no links) how tcp wrapping protects systems against Denail of Service. is tcp wrapping the most effective method to prvent DoS or are there better alternatives? If so could you point me in their direction  for further reading...
0
pma111
Asked:
pma111
3 Solutions
 
Kerem ERSOYPresidentCommented:
Another way would be the use of Connection Throttling facility that come built-into IPTables in the Linux kernel in that you can determine a sessin limit which counts the incoming connections and will not accept mrore then some predefinec connections be open at a time such that:

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 200 -j DROP


These commands will reject more than 200 hits/ minutes to a HTTP port of a server.
 
Cheers,
K.
 
0
 
edster9999Commented:
TCP wrapping adds overhead to the processing of each packet.  
WHat you are doing is adding an extra level of checks to each incoming packet before it is delivered to the web server.  
This can be used to filter for DoS attacks but can also increse the chance of being hit by one as if the attack is a stream of hits in very fast sucession floodig the server you may find it now takes less hit as you are spending extra time filtering them.

KeremE's lines above are better.  This is using Iptables for the same thing but will result in less overhead.

...And... better still use a firewall that has protection built in.  This would be more expensive but would lead to a more stable / safer platform.
It depends on how serious this issue is.   You need to weigh up the cost of these measures (both in hard money and in CPU time) and compare that to how important your service is to keep running.  How much does your company loose if the web site is down for 1 minute or 1 hour ?  Does it make a hardware solution viable ?
0
 
gheistCommented:
Many ways:
1) set somaxconn to high value to keep connections in queue while apps are slow to proceed
2) Syncookies - dont do queue, just crypto checksums on incoming packets
3) Filtered sockets - they enter queue of application only when (HTTP) data received.

For 2 Linux the best
For 3 FreeBSD
1 is universal

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now