Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are common threats that every publicly accessible web server faces. The purpose of such attacks, in simplest terms, is to flood a server with connections, overloading it and preventing it from accepting legitimate traffic.
Step #1: SYNflood Protection
A SYNflood attack is a DoS attack exploiting the TCP (Transmission Control Protocol) connection process itself. In basic terms, a TCP connection is established using a three-way handshake:
- The client (incoming connection) sends a synchronization packet (SYN) to the server.
- The server responds with a synchronization acknowledgement (SYN/ACK) to the client.
- The client then responds with an acknowledgement (ACK) back to the server.
# netstat -nap | grep SYN -c
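
An added example, not from the original post: the grep above counts every line containing SYN, including outbound SYN_SENT connections. The shell functions below count only half-open inbound connections (state SYN_RECV) per remote address; the function names, the threshold and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Tally half-open inbound connections (state SYN_RECV) per remote address
# from `netstat -n`-style lines on stdin. Output: "<count> <ip>", busiest first.
syn_recv_by_source() {
    awk '
        # netstat columns: Proto Recv-Q Send-Q Local Foreign State [PID/Program]
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)     # strip the trailing :port
            count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print only the sources at or above a threshold (assumed parameter, default 3).
syn_recv_suspects() {
    threshold="${1:-3}"
    syn_recv_by_source | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Constructed sample in `netstat -nap` format (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/httpd
tcp        0      0 192.0.2.10:80           203.0.113.7:40112       SYN_RECV    -
tcp        0      0 192.0.2.10:80           203.0.113.7:40113       SYN_RECV    -
tcp        0      0 192.0.2.10:80           203.0.113.7:40114       SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.23:51880     SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.40:52001     ESTABLISHED 812/httpd
tcp        0      1 192.0.2.10:45822        198.51.100.99:443       SYN_SENT    -
EOF
}

# Live use on the server: netstat -nap | syn_recv_by_source
sample_netstat | syn_recv_by_source
```
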
It’s important to note that the presence of SYN packets does not necessarily mean that a server is actually under SYNflood attack.
If you know that the server is under attack, you can configure CSF to help mitigate this type of attack. Otherwise, skip this step.
- To enable SYNflood protection, locate the Port Flood Settings section of the Firewall Configuration page.
Step #2: Outgoing UDP Flood Protection
This option limits outbound UDP packet floods. These typically originate from exploit scripts uploaded through vulnerable web scripts. Care should be taken on servers that use services that utilise high levels of UDP outbound traffic, such as SNMP, so you may need to alter the UDPFLOOD_LIMIT and UDPFLOOD_BURST options to suit your environment. We recommend enabling User ID Tracking (UID_INTERVAL) with this feature.
Step #3: Save Your Changes and Restart the Firewall
More:
https://mkyong.com/linux/how-to-block-attackers-ip-with-null-route-command/
https://mkyong.com/linux/list-all-ip-addresses-connected-to-your-server/