Solved

DDOS attack

Posted on 2011-09-08
6
304 Views
Last Modified: 2012-05-12
Hey,

Is there anyway to avoid DDoS attack on server? I'm using apache, and have hardware firewall before some servers and software firewalls for some servers where there is not hardware firewall.

Thanks,
0
Comment
Question by:david_php
6 Comments
 
LVL 5

Expert Comment

by:zvytas
ID: 36501170
Limiting number of connections is pretty much all you can do.
0
 

Author Comment

by:david_php
ID: 36501246
Limiting number of connections - in apche config?

the source IPs are all different, there is not any fix IP which we can block... and getting thousands of concurrent http requests every few seconds....

I think even though we limit the number of connections, this multitude hits going to create a load on server...and ultimately the server will go slow or down gradually. :$
0
 
LVL 9

Expert Comment

by:davealford
ID: 36501370
There is little you can do as, the traffic will be UDP with forged source IP addresses. If you get a DDOS, contact your provider - they should be able to block the traffic at their end.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 5

Expert Comment

by:zvytas
ID: 36501381
Yes, in apache config, more info:

http://www.compatdb.org/forums/topic/27244-can-apache-limit-connections/

If you limit number of connections your server will start rejecting connections after the limit is reached. This means your server will not get down so easily.
0
 
LVL 25

Accepted Solution

by:
madunix earned 500 total points
ID: 36513806
no 100% defense against DoS,  i think using iptables could protect you from  multiple connections coming from one specific IP address,  try to prevent  dos attack by using mod_qos
look @
http://mod-qos.sourceforge.net/
http://www.howtoforge.com/how-to-defend-slowloris-ddos-with-mod_qos-apache2-on-debian-lenny
http://www.fail2ban.org/wiki/index.php/Apache
http://en.wikipedia.org/wiki/Denial-of-service_attack
https://www.owasp.org/index.php/Testing_for_Denial_of_Service


I put my apache behind http://varnish.projects.linpro.no/, which not only protected from DoS, but also accelerated web requests quite a bit. also, iptables helped me iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 40 -j DROP     .... It just limits one host to 20 connections to 80 port, which should not affect non-malicious user, but would render DoS unusable from one host.


Some ISP's with dedicated servers they install a hardware firewall and offer some preventative measures against DDOS attacks...etc. They offer security managed services such as IPS, Firewall, Reporting logs, SSL, DDOS protection..etc  look @ rackspace
http://www.rackspace.com/managed_hosting/services/security/index.php
http://www.rackspace.com/managed_hosting/services/security/ddosmitigation/


check http://hakin9.org/is-ddos-still-a-threat/
I think it's wise to look at dedicated appliances such as cisco fortinet or juniper which are made to detect and defend.
0
 

Author Closing Comment

by:david_php
ID: 36707795
thanks, i just wanted to know if its possible
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now