How would one deal with a DDOS attack?

  1. #1
    Senior Member
    Join Date
    Apr 2003
    Location
    Silver Lake
    Posts
    4,830

    How would one deal with a DDOS attack?

    I've noticed in the past couple of years that denial of service seems to be becoming a 'thing' for cyber criminals. Just this morning I saw this:
    http://redtape.nbcnews.com/_news/201...six-weeks?lite

    How would one protect against this sort of thing? I'm guessing the perpetrators are harnessing botnets but still wonder if it would be helpful to block vast IP blocks. Where does the bottleneck occur in a DDOS attack? Would it be the DNS server? Would it be Apache or a load balancer? How does one protect against this sort of thing?
    IMPORTANT: STOP using the mysql extension. Use mysqli or pdo instead.
    World War One happened 100 years ago. Visit Old Grey Horror for the agony and irony.

  2. #2
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,390
    The best way to protect against these sorts of attacks, I would think, is to partner up with someone as far upstream of you as you can. For example, blocking IP ranges at your server (via iptables, for example, using a DROP rule) will certainly protect Apache from getting hit, but the link(s) from your server to its upstream device(s) is/are still going to experience the bandwidth hit (not to mention your CPU will still feel the hit of analyzing all those packets before DROP'ing them).

    If, however, there was some sort of manual or automatic way (e.g. with some fancy IDS or something along those lines) of alerting your internet provider(s) (or datacenter operators, etc.), having them block the traffic at their point(s) shields you even further upstream such that the equipment feeling the hit isn't even yours.

  3. #3
    Senior Member
    Join Date
    Apr 2003
    Location
    Silver Lake
    Posts
    4,830
    Quote Originally Posted by bradgrafelman View Post
    The best way to protect against these sorts of attacks, I would think, is to partner up with someone as far upstream of you as you can. For example, blocking IP ranges at your server (via iptables, for example, using a DROP rule) will certainly protect Apache from getting hit, but the link(s) from your server to its upstream device(s) is/are still going to experience the bandwidth hit (not to mention your CPU will still feel the hit of analyzing all those packets before DROP'ing them).
    To talk to one's upstream provider is very good advice. If you are getting charged for traffic, DDOS could be financially crippling quite quickly if you don't ask for help. While this is not something that had occurred to me, I'm hoping to understand myself what techniques might be used in such cyber-combat.

    Quote Originally Posted by bradgrafelman View Post
    If, however, there was some sort of manual or automatic way (e.g. with some fancy IDS or something along those lines) of alerting your internet provider(s) (or datacenter operators, etc.), having them block the traffic at their point(s) shields you even further upstream such that the equipment feeling the hit isn't even yours.
    It's my understanding that a well-organized DDOS attack will consist of traffic that is indistinguishable from legitimate traffic and that it will not be possible to isolate it to any particular IP block (i.e., it might come from a botnet).

  4. #4
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,671
    I would suppose it depends somewhat on the nature of the attack. It's great if you can have someone upstream analyze and filter packets, but that may or may not be possible.

    Bandwidth costs aside, if the botnet's hitting your index page, or other legitimate pages, it's likely they'll succeed in a bit of DOS at least unless your system can keep up with the requests.

    Have you looked at (assuming Apache here) mod_evasive, mod_cband, mod_limitipconn, mod_bw, mod_bwshare etc?

    Ooh, and I still recommend FreeBSD over Linux, and mod_php over suPHP/suexec and friends (which I assume is the default cPanel-type server?). The big boys use nginx a lot, so I hear, often set up in reverse proxy. I've tried it, but not reverse proxy or with PHP ...
    Last edited by dalecosp; 04-08-2013 at 12:37 PM.
    /!!\ mysql_ is deprecated --- don't use it! Tell your hosting company you will switch if they don't upgrade! /!!!\ ereg() is deprecated --- don't use it!

    dalecosp "God doesn't play dice." --- Einstein "Perl is hardly a paragon of beautiful syntax." --- Weedpacket

    Getting Help at All --- Collected Solutions to Common Problems --- Debugging 101 --- Unanswered Posts --- OMBE: Office Machines, Business Equipment
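Added example, not part of any post in this thread: a simplified model of the per-IP request threshold that modules such as mod_evasive apply, run over constructed log lines. It flags a single-source flood but not a distributed one (the case raised in post #3), even though the distributed aggregate rate is higher. The log format, function names and thresholds are assumptions for illustration, not mod_evasive's code or defaults.

```python
from collections import defaultdict, deque


def parse(line):
    """Parse an assumed log format: '<epoch_seconds> <client_ip> <path>'."""
    ts, ip, path = line.split()
    return int(ts), ip, path


def per_ip_offenders(lines, limit, window):
    """Return the IPs that send more than `limit` requests in `window` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = set()
    for ts, ip, _ in map(parse, lines):
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:    # drop timestamps that aged out
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged


def peak_total_rate(lines, window):
    """Return the highest request count from all clients in any window."""
    q = deque()
    peak = 0
    for ts, _, _ in map(parse, lines):
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


# Constructed sample traffic (documentation address ranges, not real hosts).
def single_source_flood():
    # One client, 10 requests per second for 3 seconds.
    return [f"{1000 + i // 10} 198.51.100.7 /index.php" for i in range(30)]


def distributed_flood():
    # 30 clients, 2 requests each, 20 requests per second in total.
    return [f"{1000 + i // 20} 203.0.113.{i % 30 + 1} /index.php"
            for i in range(60)]


if __name__ == "__main__":
    for name, log in (("single", single_source_flood()),
                      ("distributed", distributed_flood())):
        print(name, per_ip_offenders(log, limit=5, window=1),
              peak_total_rate(log, window=1))
```

An aggregate-rate alarm such as `peak_total_rate` notices the distributed case but cannot say which clients to block, which is why the thread points to upstream filtering.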

  5. #5
    Senior Member
    Join Date
    Apr 2003
    Location
    Silver Lake
    Posts
    4,830
    Quote Originally Posted by dalecosp View Post
    Have you looked at (assuming Apache here) mod_evasive, mod_cband, mod_limitipconn, mod_bw, mod_bwshare etc?
    I have not. Will check those out.

    Quote Originally Posted by dalecosp View Post
    Ooh, and I still recommend FreeBSD over Linux, and mod_php over suPHP/suexec and friends (which I assume is the default cPanel-type server?). The big boys use nginx a lot, so I hear, often set up in reverse proxy. I've tried it, but not reverse proxy or with PHP ...
    I've definitely heard good things about FreeBSD and how secure it is. Not having ever installed it, I wonder if it has the package system for installing apache, etc?

    Could you elaborate on mod_php vs. suPHP/suexec?

    I've also heard of nginx, but what do you mean about setting it up "in reverse proxy?"

  6. #6
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,671
    Quote Originally Posted by sneakyimp View Post
    I have not. Will check those out.


    I've definitely heard good things about FreeBSD and how secure it is. Not having ever installed it, I wonder if it has the package system for installing apache, etc?
    Code:
    $ cd /usr/ports/www/apache22
    $ sudo make install clean
    After that, rehash your shell and "apachectl start" ... plus all that config file editing and whatnot.

    Quote Originally Posted by sneakyimp View Post
    Could you elaborate on mod_php vs. suPHP/suexec?
    I can try. When I set up PHP on FreeBSD I end up with PHP running as an Apache module (DSO). Anecdotally, at least, it outperforms the typical Linux approach which seems to be a cPanel installation and PHP is a CGI or something ... they're actually calling /usr/bin/php from within Apache somehow. I'm really no expert: https://www.google.com/search?q=suexec+php+vs+mod_php might help?

    Quote Originally Posted by sneakyimp View Post
    I've also heard of nginx, but what do you mean about setting it up "in reverse proxy?"
    They're serving assets from multiple servers and/or domains through one server, usually nginx. So you can have a whole tribe of Apaches (or herd of Tomcats or whatever) doing the heavy lifting and sending the HTML to nginx, which feeds it all to the client.

    It's also a handy load balancer, I believe, if you set it up right.
    Last edited by dalecosp; 04-08-2013 at 04:54 PM.
