Web Hosting Forum | Lunarpages

Author Topic: DoS Prevention [Quick HOWTO]  (Read 8931 times)

Offline arabnix

  • Newbie
  • *
  • Posts: 3
DoS Prevention [Quick HOWTO]
« on: May 17, 2008, 09:07:09 PM »
Hello,

I am new to the lunarpages family and this is my first topic here too  :D
Ok, lets go for what the thread title says.


This is a quick howto prevent or even counteract to a DoS Attack on your Linux Box. First of all you can get the IP of the person by:
Code: [Select]
/bin/netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
This shall display a list of IP Addresses with the number of connections made to the BOX. Take the IP address of the one with lots of connections to the BOX and do the following to it:
Code: [Select]
iptables -I INPUT 1 -s IP_Address -j DROP
Here we BLOCKED all of his connections to the BOX regardless of protocol type (tcp, udp, icmp).

There is another way which is to play with the attacker and fool him is to use the NULL Route  :bounce: just do the following:
Code: [Select]
route add IP_Address gw 127.0.0.1 lo
Also, you can go for a bandwidth shaping solution or lets say Bandwidth control like this:
Code: [Select]
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 8 -j ACCEPT
All these ways make DoS attacks harder to be done on you Linux BOX but they shall not prevent all types of DoS Attacks.

I hope you understood the QUICK HOWT  :thumb:

C ya soon.
« Last Edit: May 17, 2008, 09:09:00 PM by arabnix »

Offline perestrelka

  • Master Jedi
  • *****
  • Posts: 1397
Re: DoS Prevention [Quick HOWTO]
« Reply #1 on: May 18, 2008, 02:10:42 AM »
Hi Arabnix,

Welcome to these forums and thanks for participating and experience sharing ;)

Best Regards,
Vlad
Kind Regards,
Vlad Artamonov

Offline supra2800

  • Pong! (the videogame) Master
  • *****
  • Posts: 21
Re: DoS Prevention [Quick HOWTO]
« Reply #2 on: May 18, 2008, 11:34:24 PM »
Any idea how something similar can be done in Win2003 + Plesk?

Thanks :)

Offline arabnix

  • Newbie
  • *
  • Posts: 3
Re: DoS Prevention [Quick HOWTO]
« Reply #3 on: May 19, 2008, 09:16:30 AM »
Thank you perestrelka, I hope to share other things ASA my account is activated  :cry:
Hi Arabnix,

Welcome to these forums and thanks for participating and experience sharing ;)

Best Regards,
Vlad

Offline arabnix

  • Newbie
  • *
  • Posts: 3
Re: DoS Prevention [Quick HOWTO]
« Reply #4 on: May 19, 2008, 09:17:41 AM »
Sorry my dear I don't deal with Micro$oft  :D

Any idea how something similar can be done in Win2003 + Plesk?

Thanks :)

Offline perestrelka

  • Master Jedi
  • *****
  • Posts: 1397
Re: DoS Prevention [Quick HOWTO]
« Reply #5 on: May 19, 2008, 10:43:42 AM »
Any idea how something similar can be done in Win2003 + Plesk?

Thanks :)

More than likely shareware firewalls can give you such functions and some kind of anti DOS protefction.
Kind Regards,
Vlad Artamonov

 

Share |