Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : What is best anti-ddos software

[darkink]

Hi

anybody know what is best anti-ddos software on linux system?
Thanks

[avythe]

The best anti-ddos solution is via hardware. You're looking a minimal protection and mostly per-software-based on a single system.

[xxkylexx]

Check out DDOS Deflate. Definatly a life-saver for me.

[Jelleuh]

DDOS attacks can't be fully prevented unfortunately. There is some hardware that can block some traffic, but completely protect you, forget it

[david510]

May be the Mod_dosevasive too.

[gbjbaanb]

and, if you're running APF, it has some anti-dos capabilities. This is a preferred solution as it runs before your servers see the attacks.

However, remember that a DDoS attack is usually designed to flood your network capacity - if you're handling the attack on your server (even at the firewall level), you still have all that bandwidth being used up. External (ie ask your DC) systems are needed at that point.

[darkink]

can reommend me more detailed solutions? thanks

[besty]

You can opt for APF- preliminary

[brucebeh]

Quote:

Originally Posted by gbjbaanb

and, if you're running APF, it has some anti-dos capabilities. This is a preferred solution as it runs before your servers see the attacks.

However, remember that a DDoS attack is usually designed to flood your network capacity - if you're handling the attack on your server (even at the firewall level), you still have all that bandwidth being used up. External (ie ask your DC) systems are needed at that point.

Yeah, i think that is very true.

When you go external, its going to cost some chunk of cash to prevent losing bandwidth.

[gbjbaanb]

Quote:

Originally Posted by darkink

can reommend me more detailed solutions? thanks

No. We've helped you plenty with the most common solutions out there that you asked for, without any idea of what you want them to do. Now go and find out more about them yourself.

[Steven]

You could go with freebsd and play around with PF:

http://www.openbsd.org/faq/pf/filter.html#synproxy

[devmach]

Maybe you can play with iptables and apache's mod_security but i think puting another machine before the server , install openbsd and customize for firewall is good solution.

[warp2cris]

mod_security will not help with dos attacks, it is good for other things like protect from SQL injection.

to stop a big DDOS you better contact some companies which advertise they handle them. there is a thread about this on the forum, search for it.

however, across the years, I learnt that is no 100% DDOS protection, in the way that you just pay the money and the site is happily loading anytime and still fast.

[vborcan]

There is a Linux-based software that detects DDoS attacks by analyzing netflow data or by monitoring a mirroring port of a switch. It also mitigates DDoS attacks by cleaning only the malicious traffic. Just search WANGuard by Andrisoft. We're using it successfully.

[Crashus]

Best software at your server is firewall, best after it is hardware based solutions.