TCP / Denial of Service

Experts -
Can anybody give me some techniques that are used to protect against Denial of Service type attacks against a host-based application running on a Unix server? I keep reading about TCP wrapping, but can anybody tell me in the simplest terms possible (preferably no links) how TCP wrapping protects systems against Denial of Service? Is TCP wrapping the most effective method to prevent DoS, or are there better alternatives? If so, could you point me in their direction for further reading?
Kerem ERSOY (President) commented:
Another way would be to use the Connection Throttling facility that comes built into IPTables in the Linux kernel, in which you can set a session limit that counts the incoming connections and will not accept more than some predefined number of connections to be open at a time, such that:

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 200 -j DROP

These commands will reject more than 200 hits/minute to the HTTP port of a server.
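
A simplified model of how the two rules above count connections per source address, added here as an illustration and not part of the original answer. The class and function names, the addresses and the traffic are constructed; `refresh_on_drop=False` models the module's `--rcheck` option in place of `--update`.

```python
from collections import defaultdict, deque

class RecentModel:
    """Simplified model of the 'recent' match as used by the two rules above."""

    def __init__(self, seconds=60, hitcount=200, refresh_on_drop=True):
        self.seconds = seconds                  # --seconds 60
        self.hitcount = hitcount                # --hitcount 200
        self.refresh_on_drop = refresh_on_drop  # True: --update, False: --rcheck
        self.stamps = defaultdict(deque)        # one timestamp list per source address

    def new_connection(self, src, now):
        """Verdict for one NEW packet to port 80 from src at time now (seconds)."""
        q = self.stamps[src]
        while q and now - q[0] > self.seconds:  # forget hits older than the window
            q.popleft()
        if len(q) >= self.hitcount:             # rule with --hitcount ... -j DROP
            if self.refresh_on_drop:
                q.append(now)                   # --update also records the dropped attempt
            return "DROP"
        q.append(now)                           # rule with --set records the hit
        return "PASS"


def replay(events, **options):
    """Run (time, source) events through the model; return verdict counts per source."""
    model = RecentModel(**options)
    counts = defaultdict(lambda: {"PASS": 0, "DROP": 0})
    for now, src in events:
        counts[src][model.new_connection(src, now)] += 1
    return dict(counts)


def sample_events():
    """Constructed traffic: two minutes, one busy source and one ordinary client."""
    events = []
    for t in range(120):
        events += [(t, "198.51.100.7")] * 10    # 10 new connections every second
        if t % 2 == 0:
            events.append((t, "192.0.2.10"))    # one new connection every 2 seconds
    return events


if __name__ == "__main__":
    for mode in (True, False):
        print("refresh_on_drop =", mode, replay(sample_events(), refresh_on_drop=mode))
```

In this model the busy source stays blocked under `--update` for as long as it keeps trying, while under `--rcheck` it gets another 200 connections through once its first ones age out of the 60-second window. The ordinary client is never dropped in either mode because the count is kept per source address.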
edster9999 commented:
TCP wrapping adds overhead to the processing of each packet.
What you are doing is adding an extra level of checks to each incoming packet before it is delivered to the web server.
This can be used to filter for DoS attacks but can also increase the chance of being hit by one, as if the attack is a stream of hits in very fast succession flooding the server, you may find it now takes fewer hits as you are spending extra time filtering them.

KeremE's lines above are better.  This is using Iptables for the same thing but will result in less overhead.

...And... better still use a firewall that has protection built in.  This would be more expensive but would lead to a more stable / safer platform.
It depends on how serious this issue is. You need to weigh up the cost of these measures (both in hard money and in CPU time) and compare that to how important your service is to keep running. How much does your company lose if the web site is down for 1 minute or 1 hour? Does it make a hardware solution viable?
gheist commented:
Many ways:
1) Set somaxconn to a high value to keep connections in the queue while apps are slow to proceed
2) Syncookies - don't do a queue, just crypto checksums on incoming packets
3) Filtered sockets - they enter the queue of the application only when (HTTP) data is received.

For 2, Linux is the best
For 3, FreeBSD
1 is universal
