  1. #1

    DrDDoS, DDoS, DoS Attacks - The Works

    Hey,

    As many of you already know, not everyone has the money to spend on physical firewalls, for example a Cisco firewall. I would like it if everyone could share little tips and tricks towards securing a server that they learned over time. Nothing in big detail. I thought if we all share our ideas, it would help quite a lot of other people. For example, here is a good layout, I believe. Please note this is towards a game server setup.

    Shorewall Firewall - Block Unneeded Ports + Block Ping
    Apache Web server - Installed with "mod_security"
    SSH-Faker - Stop those bots from trying to gain access to SSH (Guessing Passwords)
    DDoS Deflate - For me, does not really work. (I know, mainly for port 80 so webhosting) But still have it installed.
    Bash Scripts Monitoring # of connections per ip with Netstat.
    PSad - Monitoring and Reporting Port Scans (Optional automatic timed block)
    VNStat - Monitor Current/Monthly/Yearly Bandwidth (Does not hog resources)

    I'm guaranteed to have left a lot more out than just the above. If some of you could also share some simple things you do for securing a server, that would be great.

    Cya,
    Tommis
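
An added example (not part of the original post) of the "connections per IP with netstat" monitoring mentioned in the list above. The function names, the threshold, and the sample output are constructed for illustration; the sample uses documentation-range addresses in the column layout of `netstat -ntu`.

```shell
#!/bin/sh
# Constructed sample in the layout of `netstat -ntu` (not real traffic).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:27015        198.51.100.7:50112      ESTABLISHED
tcp        0      0 192.0.2.10:27015        198.51.100.7:50113      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:50114      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:51000       TIME_WAIT
udp        0      0 192.0.2.10:27015        198.51.100.7:27005      ESTABLISHED
EOF
}

# conns_per_ip: read netstat output on stdin, print "count ip", busiest first.
# Only tcp/udp rows with an IPv4 "addr:port" foreign address are counted, so
# the two header lines are skipped automatically.
conns_per_ip() {
    awk '$1 ~ /^(tcp|udp)/ && $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ {
             split($5, a, ":"); n[a[1]]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# over_limit LIMIT: print only the IPs holding at least LIMIT connections.
over_limit() {
    conns_per_ip | awk -v limit="$1" '$1 >= limit { print $2 }'
}

# state_count STATE: number of TCP rows in the given state; a growing
# SYN_RECV count is the usual sign of a SYN flood.
state_count() {
    awk -v st="$1" '$1 ~ /^tcp/ && $6 == st { c++ } END { print c + 0 }'
}

# Demonstration on the constructed sample.
sample_netstat | conns_per_ip
```

On a live host the same functions read real output, for example `netstat -ntu | over_limit 50`; the list it prints is input for a human or a rate-limited block rule, and should not trigger per-packet logging.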

  2. #2
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    All of that is pretty much useless in my opinion. I'd advise that you run LiteSpeed httpd if you need a DDoS-tolerant daemon. Avoid the cheap scripts.

  3. #3
    Join Date
    Dec 2007
    Location
    Dallas, TX
    Posts
    16
    Neither a script nor a fast webserver will save you from a real DDoS attack; enough bots will saturate your bandwidth pretty quickly.

    I agree to stay away from the scripts. I have seen many people make the situation worse using an IPTables script which was so heavy on logging it hosed the server much worse while under DDoS attack.

    Best you can do is find a host with good bandwidth, make sure the firewall software on your server is enabled because even without being set up they have plenty of anti-DoS features such as syn-cookies...


  4. #4
    Join Date
    Feb 2008
    Posts
    269
    Quote Originally Posted by Serverevo View Post
    Best you can do is find a host with good bandwidth, make sure the firewall software on your server is enabled because even without being set up they have plenty of anti-DoS features such as syn-cookies...
    I kind of disagree here. Hosts are saying they provide DDoS protection. Some just say it for the sake of marketing and getting more clients; others say it because they really offer such services. The ones that do not lie and offer this for real are not capable of handling massive attacks, IMHO.

    The best solution, though it's not 100% effective ('cause there's no such tool, service or application that can be 100% effective against DDoS attacks), is to investigate the market for DDoS protection/mitigation services. There are, in my opinion, several companies that provide quality protection and good uptime. It is kind of pricey to have such a service deployed, but if you are making lots of money and your business is on the line, it is worth the expense, I guess.

  5. #5
    Join Date
    Jun 2007
    Posts
    188
    IPTables & .htaccess should reflect any attacks you've sustained, as well as minimizing the access that can be made to your server; allow what you need & your users / clients need, block whatever else isn't.

    Hiring a security professional to secure your server may also be effective if you are not familiar with the ideas of secure scripts, and proper permissions, etc. If the steps you've taken after doing the above don't mitigate the attacks, consider switching to a provider who can handle the attacks -- Staminus.net, Gigenet/gigeservers, Blacklotus, awknet, etc. Please be aware that although the aforesaid providers offer DDoS protection, extremely large attacks / attacks that are difficult to mitigate further will cost significantly more to handle.
    If you have rather small and normal attacks, Softlayer also offers a Ciscoguard feature which will help; like I said, extremely large & complex attacks will nullify the benefit received from this feature, so one of the above 5 providers (following the --) may be a better choice.

    Make sure you show logs of the types of attacks you receive to the aforesaid providers and make sure they commit to handling said attacks for a set price before you sign up.

    If all else fails, and your business model allows for it, consider leasing a hardware firewall and colocating. Be aware that in addition to lease costs, you will need to pay for the additional power & space that a hardware firewall uses.

  6. #6
    Join Date
    Feb 2006
    Posts
    1,108
    Quote Originally Posted by ElTino View Post
    I kind of disagree here. Hosts are saying they provide DDoS protection. Some just say it for the sake of marketing and getting more clients; others say it because they really offer such services. The ones that do not lie and offer this for real are not capable of handling massive attacks, IMHO.

    The best solution, though it's not 100% effective ('cause there's no such tool, service or application that can be 100% effective against DDoS attacks), is to investigate the market for DDoS protection/mitigation services. There are, in my opinion, several companies that provide quality protection and good uptime. It is kind of pricey to have such a service deployed, but if you are making lots of money and your business is on the line, it is worth the expense, I guess.
    They can handle it, no matter how big.


    (as long as you have money, lots of money)
    semi-retired

  7. #7
    Join Date
    Feb 2008
    Posts
    269
    Quote Originally Posted by Procyon View Post
    They can handle it, no matter how big.
    Are you really sure about that!?

  8. #8
    Quote Originally Posted by Procyon View Post
    They can handle it, no matter how big.


    (as long as you have money, lots of money)
    So you mean!
    lots of money = 100TB of pipe

    If that's the case, why the heck do we then need DDoS protection?

  9. #9
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    By my estimation one can protect against a DDoS attack that to this day has never actually been achieved at a cost of roughly $100,000 per month without serious performance impact.

    Realistically, the more common large attacks can be mitigated in the realm of $1000 - 10,000 per month.
