The Planet Forums > Any Help Advice for DDos Attack ?

Full Version: Any Help Advice for DDos Attack ?

The Planet Forums > Security > DoS & D-DoS Mitigation

Abdo

May 10 2007, 09:45 AM

Now my server under DDos Guard but my server seems off line because of the attackers.

I did every thing I know to Mitigate DDos Attack but all are useless.

Here Example of what did I install at my machine :

(D)Dos- Deflate
APF Firewall
Iptables Firewall
edit httpd.conf and change :
1. Timeout 15
2. KeepAlive Off
3. KeepAliveTimeout 5
4. MinSpareServers 15
5. MaxSpareServers 20
I used : echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Install mod_evasive
used this script to block any connection that has more than 5 connections

CODE

#!/bin/bash

#Collecting list of ip addresses connected to port 80

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1 > /root/iplist

#Limit the no of connections

LIMIT=100;

for ip in `cat /root/iplist |awk '{print $2}'`;do

if [ `grep $ip /root/iplist | awk '{print $1}'` -gt $LIMIT ]

then

echo "5 connection from $ip... `grep $ip /root/iplist | awk '{print $1}'` number of connections... Blocking $ip";

#Blocking the ip ...

/etc/rc.d/init.d/iptables save > /dev/null;

CHECK_IF_LOCALIP=0;

/sbin/ifconfig | grep $ip > /dev/null;

if [ $? -ne $CHECK_IF_LOCALIP ]

then

{

FLAG=0;

grep $ip /etc/sysconfig/iptables | grep DROP > /dev/null;

if [ $? -ne $FLAG ]

then

iptables -I INPUT -s $ip -j DROP;

else

echo " Ipaddress $ip is already blocked ";

fi

}

else

echo " Sorry, the ip $ip cannot be blocked since this is a local ip of the server ";

fi

fi

done

And I do it manually.

Until now the attackers can stop the server and when they want to do it they can.

Any help advice ?

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.