Archive

Articles tagged ‘protect ddos attacks’

Protect DDOS attacks

22/01/2016 Comments off

Using ModEvasive against DDoS attacks

The first thing to do is to install ModEvasive. All details are provided at http://hardenubuntu.com/hardening/apache/modsecurity/.

Configuring UFW

The following rules can be added to the UFW configuration. Edit /etc/ufw/before.rules:

sudo vi /etc/ufw/before.rules

Add these lines after the *filter line near the beginning of the file:

:ufw-http - [0:0]
:ufw-http-logdrop - [0:0]

Add these lines near the end of the file, before the COMMIT line:

### Start HTTP ###

# Enter rule
-A ufw-before-input -p tcp --dport 80 -j ufw-http
-A ufw-before-input -p tcp --dport 443 -j ufw-http

# Limit connections per Class C
-A ufw-http -p tcp --syn -m connlimit --connlimit-above 50 --connlimit-mask 24 -j ufw-http-logdrop

# Limit connections per IP
-A ufw-http -m state --state NEW -m recent --name conn_per_ip --set
-A ufw-http -m state --state NEW -m recent --name conn_per_ip --update --seconds 10 --hitcount 20 -j ufw-http-logdrop

# Limit packets per IP
-A ufw-http -m recent --name pack_per_ip --set
-A ufw-http -m recent --name pack_per_ip --update --seconds 1 --hitcount 20 -j ufw-http-logdrop

# Finally accept
-A ufw-http -j ACCEPT

# Log
-A ufw-http-logdrop -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW HTTP DROP] "
-A ufw-http-logdrop -j DROP

### End HTTP ###
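
To see which sources the rules above are actually dropping, the kernel log lines tagged with the "[UFW HTTP DROP] " prefix can be summarized per IP, per /24 and per port. This is an added example, not part of the original article; the function name `summarize_drops` and the sample log lines are constructed, and it assumes the standard `SRC=`/`DPT=` fields written by the netfilter LOG target.

```python
import ipaddress
import re
from collections import Counter

# Prefix set by --log-prefix in the ufw-http-logdrop chain above.
PREFIX = "[UFW HTTP DROP]"
# SRC= and DPT= are standard fields written by the netfilter LOG target.
FIELDS = re.compile(r"\bSRC=(?P<src>\S+).*?\bDPT=(?P<dpt>\d+)")

# Constructed sample kernel log lines (documentation address ranges only).
SAMPLE_LOG = """\
Jan 22 10:15:01 web01 kernel: [100.1] [UFW HTTP DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51544 DPT=80 SYN
Jan 22 10:15:02 web01 kernel: [101.2] [UFW HTTP DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51545 DPT=80 SYN
Jan 22 10:15:09 web01 kernel: [108.4] [UFW HTTP DROP] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=443 SYN
Jan 22 10:15:11 web01 kernel: [110.0] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=22 SYN
Jan 22 10:15:30 web01 kernel: [129.7] [UFW HTTP DROP] IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=443 SYN
"""


def summarize_drops(log_text):
    """Count logged HTTP drops per source IP, per /24 and per destination port.

    The LOG rule is rate limited (3/min, burst 10), so the counts are a
    lower bound on what was dropped, not the full total."""
    per_ip, per_net, per_port = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        _, found, rest = line.partition(PREFIX)
        m = FIELDS.search(rest) if found else None
        if not m:
            continue  # not one of our drop lines, or fields missing
        try:
            addr = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed SRC field
        per_ip[str(addr)] += 1
        if addr.version == 4:
            # Same /24 grouping as --connlimit-mask 24 in the rules above.
            net = ipaddress.ip_network(f"{addr}/24", strict=False)
            per_net[str(net)] += 1
        per_port[int(m["dpt"])] += 1
    return per_ip, per_net, per_port


if __name__ == "__main__":
    ips, nets, ports = summarize_drops(SAMPLE_LOG)
    for label, counter in (("IP", ips), ("/24", nets), ("port", ports)):
        for key, n in counter.most_common(5):
            print(f"{label:5} {key!s:20} {n}")
```

A /24 that dominates the summary while no single IP in it stands out points at the connlimit rule; a single dominant IP points at the per-IP `recent` rules.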

Read more…

How to Protect Successfully your network against DDoS attacks: 5 steps

04/11/2015 Comments off

Every business needs DDoS protection.

Today, an online presence is important for the success of your business. You always thought that you would never be a victim of DDoS attacks. But what would happen if your website or online application went down because of a DDoS attack?

Here are some facts taken from digitalattackmap:

  • Attacks are cheaper ($150 for a week-long DDoS)
  • Their number is increasing every week (2000/day)
  • Downtime attributed to them is increasing (1/3 of all downtime incidents)

You can even block a 1TB DDoS attack!

With enough preparation, anybody can block a DDoS attack of any size, and we will tell you how in 5 steps.

  1. Become invisible
  2. Filter aggressively
  3. Identify attack patterns
  4. Block traffic patterns
  5. Deploy counter-measures solutions

Read more…