• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 420
  • Last Modified:

How to prevent DOS attacks against web servers

Can anyone provide me with the best network configuration/tools/services to prevent DOS (Denial of service) attacks.

Take for example the following scenario for a website.  
•      Website with thousands of hits per day.
•      Traffic routed to CDN.
•      Firewall between CDN and hosting company
•      Website hosted by a public hosting company
•      Web servers in a DMZ

1.      What sort of network design/configuration is recommended to reduce DOS attacks
2.      What DOS service/software/hardware is recommended?
3.   Can you guide me to some documentation on this?

Please shed some details on the above.
3 Solutions
You need to implement a Network Intrussion Prevention System (NIPS) and set rules to block the IP addresses that are sending DOS attacks
Didier VallySystems Engineer and Finance AnalystCommented:
Cisco firewalls are good.
Is this a general question about DoS or do you have something specific in mind? If your being attacked with sun flooding you can configure your TCPIP stack to to ignore incoming SYN packets, disable ICMP redirects, and change keep alive time.

The following is a example.
Windows Registery Editor Version 5.00

"SynAttackProtect" =dword:00000002
"EnableICMPRedirects" =dword:00000000
"KeepAliveTime" =000493E0

Open in new window

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now