Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?



Login with username, password and session length
October 01, 2014, 06:21:10 AM

Pages: [1]   Go Down
  Print  
Author Topic: DoS Prevention [Quick HOWTO]  (Read 6429 times)
arabnix
Newbie
*
Offline Offline

Posts: 3


« on: May 17, 2008, 09:07:09 PM »

Hello,

I am new to the lunarpages family and this is my first topic here too  Very Happy
Ok, lets go for what the thread title says.


This is a quick howto prevent or even counteract to a DoS Attack on your Linux Box. First of all you can get the IP of the person by:
Code:
/bin/netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

This shall display a list of IP Addresses with the number of connections made to the BOX. Take the IP address of the one with lots of connections to the BOX and do the following to it:
Code:
iptables -I INPUT 1 -s IP_Address -j DROP

Here we BLOCKED all of his connections to the BOX regardless of protocol type (tcp, udp, icmp).

There is another way which is to play with the attacker and fool him is to use the NULL Route  Bouncin for Joy just do the following:
Code:
route add IP_Address gw 127.0.0.1 lo

Also, you can go for a bandwidth shaping solution or lets say Bandwidth control like this:
Code:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 8 -j ACCEPT

All these ways make DoS attacks harder to be done on you Linux BOX but they shall not prevent all types of DoS Attacks.

I hope you understood the QUICK HOWT  Thumbs Up

C ya soon.
« Last Edit: May 17, 2008, 09:09:00 PM by arabnix » Logged
perestrelka
Administrator
Master Jedi
*****
Offline Offline

Posts: 1397



« Reply #1 on: May 18, 2008, 02:10:42 AM »

Hi Arabnix,

Welcome to these forums and thanks for participating and experience sharing Wink

Best Regards,
Vlad
Logged

Kind Regards,
Vlad Artamonov
supra2800
Pong! (the videogame) Master
*****
Offline Offline

Posts: 21


« Reply #2 on: May 18, 2008, 11:34:24 PM »

Any idea how something similar can be done in Win2003 + Plesk?

Thanks Smile
Logged
arabnix
Newbie
*
Offline Offline

Posts: 3


« Reply #3 on: May 19, 2008, 09:16:30 AM »

Thank you perestrelka, I hope to share other things ASA my account is activated  Crying or Very sad
Hi Arabnix,

Welcome to these forums and thanks for participating and experience sharing Wink

Best Regards,
Vlad
Logged
arabnix
Newbie
*
Offline Offline

Posts: 3


« Reply #4 on: May 19, 2008, 09:17:41 AM »

Sorry my dear I don't deal with Micro$oft  Very Happy

Any idea how something similar can be done in Win2003 + Plesk?

Thanks Smile
Logged
perestrelka
Administrator
Master Jedi
*****
Offline Offline

Posts: 1397



« Reply #5 on: May 19, 2008, 10:43:42 AM »

Any idea how something similar can be done in Win2003 + Plesk?

Thanks Smile

More than likely shareware firewalls can give you such functions and some kind of anti DOS protefction.
Logged

Kind Regards,
Vlad Artamonov
Pages: [1]   Go Up
  Print  
 
Jump to: