How to protect against DDoS Attacks

Mike Peters, 09-22-2010
DDoS (Distributed Denial of Service) attacks are distributed hits to your server, coming from multiple sources at the same time.

Unlike an attack from a single location, where the source IP address can be blocked at the firewall level, distributed denial of service attacks are very difficult to stop.

DDoS attacks recently silenced the MPAA, Aiplex and took down Malaysian Government critics. DDoS attacks are back and they're bigger than ever.

New technology makes it too easy to launch Low Orbit Ion Cannon attacks and bring sites to their knees.

Here are a few simple things you can do to protect your servers against a DDoS attack:

Have a contingency plan

Much like recovering from a failed hard drive, you need to plan ahead.

Avoid single points of failure and make sure you have at least two separate machines running your web servers and databases. Multi-homed hosting can really help here.

When the attack comes in, you'll be able to switch the IP address until the storm calms down.

Disable Ping-flood attacks

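Add this to your /etc/sysctl.conf:
# Do not reply to broadcast/multicast ICMP echo requests (0 = disabled)
net.inet.icmp.bmcastecho=0
# Rate-limit ICMP replies to 1 packet per second
net.inet.icmp.icmplim=1

And run this on the shell to apply the changes immediately:
sysctl net.inet.icmp.icmplim=1
sysctl net.inet.icmp.bmcastecho=0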

Use obscure ports for anything other than HTTP

Change MySQL (port=1234 in /etc/my.cnf), FastCGI and all other daemons to run on non-default port numbers.

Install all the latest security patches

Duh!

Use private IP addresses for inter-server communications

If you have more than one machine on the same LAN, use the private LAN IP addresses to communicate between the machines.

This is particularly helpful when your data center decides to null-route the public-facing IP address of your database server (why is it open in the first place?) and you want the web server to continue communicating with the database uninterrupted.

Using private LAN IP addresses is more efficient and ensures no interruptions in case your public-facing IP address gets null-routed.
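
As an added example (not code from the original post), this Python check audits a my.cnf for the two points above: a non-default port and a listener bound to a private LAN address rather than a public one. It assumes MySQL's `bind-address` option in the `[mysqld]` section; the sample configs and the function name `audit_mysqld` are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample my.cnf contents, not taken from the original post.
SAMPLE_EXPOSED = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"
SAMPLE_HARDENED = "[mysqld]\nport = 1234\nbind-address = 10.0.0.5\n"

MYSQL_DEFAULT_PORT = 3306
# RFC 1918 private ranges plus loopback: not reachable from the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def audit_mysqld(cnf_text):
    """Return a list of findings for the [mysqld] section of a my.cnf."""
    parser = configparser.ConfigParser(allow_no_value=True, strict=False)
    parser.read_string(cnf_text)
    if not parser.has_section("mysqld"):
        return ["no [mysqld] section found"]
    section = parser["mysqld"]
    findings = []

    bind = section.get("bind-address")
    if bind is None:
        findings.append("bind-address not set: server may listen on every interface")
    else:
        try:
            addr = ipaddress.ip_address(bind.strip())
        except ValueError:
            findings.append(f"bind-address {bind!r} is not a literal IP: verify it")
        else:
            if addr.is_unspecified:
                findings.append("bind-address is a wildcard: listens on every interface")
            elif not any(addr in net for net in INTERNAL_NETS):
                findings.append(f"bind-address {addr} is not a private LAN address")

    # A non-default port only reduces noise from default-port scans.
    port = section.getint("port", fallback=MYSQL_DEFAULT_PORT)
    if port == MYSQL_DEFAULT_PORT:
        findings.append(f"port {port} is the MySQL default")
    return findings


if __name__ == "__main__":
    for name, text in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_mysqld(text))
```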

Use a Firewall

Hardware firewalls rock, but the good ones can get very expensive to acquire and manage.

These two software firewalls are great for brute force detection and advanced policies that can detect anomalies common to DDoS attacks: APF and BFD. Both are from R-FX Networks.