About DDoS Attacks

Discussion in 'General Discussion' started by 4402734, Jun 22, 2006.

  1. 4402734

    4402734 Member

    Hello,
    I don't know how to protect my server against DDoS attacks. Can you help me?

    Thanks
    Abolfazl
     
  2. NightStorm

    NightStorm Member

    Technically, you can't. Any DDoS of any worth would take your server offline no matter what precautions you put into place on the server itself. All it takes is a simple saturation of your up/downstream and your server will carry no traffic until the attack is done.
    The best thing you can do is to use a datacenter that provides either a hardware firewall that can filter the attack before it enters your network, or uses an upstream filter (like Ev1's FireSlayer).
    Software-wise, you could look into mod_evasive, which will help to control the number of httpd connections from a single IP, or scrutinizer, which will do the same but runs at a different level. Some suggest using SYN Cookies, which request verification of all incoming SYN packets before they are accepted. This violates a few protocols though, and will not help a bandwidth overload if someone decides to actually target you. Tweaking your server to accept low numbers of ICMP packets through a system like APF will help to keep that flooding down... I have mine set to only accept 1 ICMP packet per second, and to drop the rest automatically. Only keeping the ports open that you actually use will help to keep attacks down a bit too, as it will drop all traffic destined for the 'unused' ports. APF will do this, as well.
    Check out Chirpy's Firewall script. It works a lot like APF, but plugs directly into WHM.
    Don't think that by installing loads of "DDoS Software" on your server that you are safe from it though. As I mentioned, the line to your server will only carry so much traffic, and it's easy these days to overload that line. You'll want a datacenter that can properly filter the attack before it even gets to you. If your Datacenter won't do that, then they're not a very good one to begin with.
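
The host-level settings described in the reply above (drop traffic to unused ports, accept one ICMP packet per second), as an added example that is not part of the thread. It writes plain iptables rules in `iptables-restore` format rather than APF's own configuration, and the function name and port list are assumptions.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for the two host-level
# measures in the reply. Nothing here is applied; the rules go to stdout.
# Check before loading:  build_ruleset 22 80 443 | iptables-restore --test
# SYN cookies are a separate kernel setting: sysctl -w net.ipv4.tcp_syncookies=1

# build_ruleset PORT...  (hypothetical helper) prints the ruleset, or
# prints nothing and returns 1 if any argument is not a valid TCP port.
build_ruleset() {
    [ "$#" -gt 0 ] || { echo "usage: build_ruleset PORT..." >&2; return 1; }
    # Validate every port first so a bad list never yields a partial ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "port out of range: $port" >&2; return 1; }
    done

    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default policy: drop what is not allowed
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # ICMP echo: accept one packet per second, drop the remainder.
    echo "-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/second --limit-burst 1 -j ACCEPT"
    echo "-A INPUT -p icmp --icmp-type echo-request -j DROP"
    # Only the listed service ports accept new connections.
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Stand-alone use: sh ruleset.sh 22 80 443
if [ "$#" -gt 0 ]; then build_ruleset "$@"; fi
```

Include the SSH port in the list before loading the output on a remote machine, since the default INPUT policy is DROP.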
     
