Solved

TCP / Denial of Service

Posted on 2009-05-18
3
283 Views
Last Modified: 2012-05-07
Experts -
Can anybody give me some techniques that are used to protect Denial of Service type attacks against a host based application running on a Unix server? I keep reading about TCP wrapping, but can anybody tell me in simplest terms possible (preferably no links) how tcp wrapping protects systems against Denail of Service. is tcp wrapping the most effective method to prvent DoS or are there better alternatives? If so could you point me in their direction  for further reading...
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 200 total points
ID: 24409718
Another way would be the use of Connection Throttling facility that come built-into IPTables in the Linux kernel in that you can determine a sessin limit which counts the incoming connections and will not accept mrore then some predefinec connections be open at a time such that:

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 200 -j DROP


These commands will reject more than 200 hits/ minutes to a HTTP port of a server.
 
Cheers,
K.
 
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 150 total points
ID: 24409823
TCP wrapping adds overhead to the processing of each packet.  
WHat you are doing is adding an extra level of checks to each incoming packet before it is delivered to the web server.  
This can be used to filter for DoS attacks but can also increse the chance of being hit by one as if the attack is a stream of hits in very fast sucession floodig the server you may find it now takes less hit as you are spending extra time filtering them.

KeremE's lines above are better.  This is using Iptables for the same thing but will result in less overhead.

...And... better still use a firewall that has protection built in.  This would be more expensive but would lead to a more stable / safer platform.
It depends on how serious this issue is.   You need to weigh up the cost of these measures (both in hard money and in CPU time) and compare that to how important your service is to keep running.  How much does your company loose if the web site is down for 1 minute or 1 hour ?  Does it make a hardware solution viable ?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 150 total points
ID: 24409906
Many ways:
1) set somaxconn to high value to keep connections in queue while apps are slow to proceed
2) Syncookies - dont do queue, just crypto checksums on incoming packets
3) Filtered sockets - they enter queue of application only when (HTTP) data received.

For 2 Linux the best
For 3 FreeBSD
1 is universal

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question