Solved

DDOS attack

Posted on 2011-09-08
6
315 Views
Last Modified: 2012-05-12
Hey,

Is there anyway to avoid DDoS attack on server? I'm using apache, and have hardware firewall before some servers and software firewalls for some servers where there is not hardware firewall.

Thanks,
0
Comment
Question by:david_php
6 Comments
 
LVL 5

Expert Comment

by:zvytas
ID: 36501170
Limiting number of connections is pretty much all you can do.
0
 

Author Comment

by:david_php
ID: 36501246
Limiting number of connections - in apche config?

the source IPs are all different, there is not any fix IP which we can block... and getting thousands of concurrent http requests every few seconds....

I think even though we limit the number of connections, this multitude hits going to create a load on server...and ultimately the server will go slow or down gradually. :$
0
 
LVL 9

Expert Comment

by:davealford
ID: 36501370
There is little you can do as, the traffic will be UDP with forged source IP addresses. If you get a DDOS, contact your provider - they should be able to block the traffic at their end.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 5

Expert Comment

by:zvytas
ID: 36501381
Yes, in apache config, more info:

http://www.compatdb.org/forums/topic/27244-can-apache-limit-connections/

If you limit number of connections your server will start rejecting connections after the limit is reached. This means your server will not get down so easily.
0
 
LVL 25

Accepted Solution

by:
madunix earned 500 total points
ID: 36513806
no 100% defense against DoS,  i think using iptables could protect you from  multiple connections coming from one specific IP address,  try to prevent  dos attack by using mod_qos
look @
http://mod-qos.sourceforge.net/
http://www.howtoforge.com/how-to-defend-slowloris-ddos-with-mod_qos-apache2-on-debian-lenny
http://www.fail2ban.org/wiki/index.php/Apache
http://en.wikipedia.org/wiki/Denial-of-service_attack
https://www.owasp.org/index.php/Testing_for_Denial_of_Service


I put my apache behind http://varnish.projects.linpro.no/, which not only protected from DoS, but also accelerated web requests quite a bit. also, iptables helped me iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 40 -j DROP     .... It just limits one host to 20 connections to 80 port, which should not affect non-malicious user, but would render DoS unusable from one host.


Some ISP's with dedicated servers they install a hardware firewall and offer some preventative measures against DDOS attacks...etc. They offer security managed services such as IPS, Firewall, Reporting logs, SSL, DDOS protection..etc  look @ rackspace
http://www.rackspace.com/managed_hosting/services/security/index.php
http://www.rackspace.com/managed_hosting/services/security/ddosmitigation/


check http://hakin9.org/is-ddos-still-a-threat/
I think it's wise to look at dedicated appliances such as cisco fortinet or juniper which are made to detect and defend.
0
 

Author Closing Comment

by:david_php
ID: 36707795
thanks, i just wanted to know if its possible
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question