Solved

DDOS attack

Posted on 2011-09-08
6
321 Views
Last Modified: 2012-05-12
Hey,

Is there anyway to avoid DDoS attack on server? I'm using apache, and have hardware firewall before some servers and software firewalls for some servers where there is not hardware firewall.

Thanks,
0
Comment
Question by:david_php
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 5

Expert Comment

by:zvytas
ID: 36501170
Limiting number of connections is pretty much all you can do.
0
 

Author Comment

by:david_php
ID: 36501246
Limiting number of connections - in apche config?

the source IPs are all different, there is not any fix IP which we can block... and getting thousands of concurrent http requests every few seconds....

I think even though we limit the number of connections, this multitude hits going to create a load on server...and ultimately the server will go slow or down gradually. :$
0
 
LVL 9

Expert Comment

by:davealford
ID: 36501370
There is little you can do as, the traffic will be UDP with forged source IP addresses. If you get a DDOS, contact your provider - they should be able to block the traffic at their end.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 5

Expert Comment

by:zvytas
ID: 36501381
Yes, in apache config, more info:

http://www.compatdb.org/forums/topic/27244-can-apache-limit-connections/

If you limit number of connections your server will start rejecting connections after the limit is reached. This means your server will not get down so easily.
0
 
LVL 25

Accepted Solution

by:
madunix earned 500 total points
ID: 36513806
no 100% defense against DoS,  i think using iptables could protect you from  multiple connections coming from one specific IP address,  try to prevent  dos attack by using mod_qos
look @
http://mod-qos.sourceforge.net/
http://www.howtoforge.com/how-to-defend-slowloris-ddos-with-mod_qos-apache2-on-debian-lenny
http://www.fail2ban.org/wiki/index.php/Apache
http://en.wikipedia.org/wiki/Denial-of-service_attack
https://www.owasp.org/index.php/Testing_for_Denial_of_Service


I put my apache behind http://varnish.projects.linpro.no/, which not only protected from DoS, but also accelerated web requests quite a bit. also, iptables helped me iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 40 -j DROP     .... It just limits one host to 20 connections to 80 port, which should not affect non-malicious user, but would render DoS unusable from one host.


Some ISP's with dedicated servers they install a hardware firewall and offer some preventative measures against DDOS attacks...etc. They offer security managed services such as IPS, Firewall, Reporting logs, SSL, DDOS protection..etc  look @ rackspace
http://www.rackspace.com/managed_hosting/services/security/index.php
http://www.rackspace.com/managed_hosting/services/security/ddosmitigation/


check http://hakin9.org/is-ddos-still-a-threat/
I think it's wise to look at dedicated appliances such as cisco fortinet or juniper which are made to detect and defend.
0
 

Author Closing Comment

by:david_php
ID: 36707795
thanks, i just wanted to know if its possible
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about achieving the basic levels of HRIS security in the workplace.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question