Raju Ginni

wordpress tutorials seo hosting etc

You are here: Home / Linux sysadmin tutorials linux system administrator / ddos attack prevention

ddos attack prevention

 

Types Of DDOS attacks

 

Application level

Network Protocol

Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets

What+is+a+Smurf+Attack+Denial+of+Service+Attack+using+spoofed+broadcast+ping+messages.

ICMP Png command.

ICMP relies on attacking nodes sending false error requests to the target

SYN flood: 3 way TCP handshake

  • Client sends syn packet
  • server sends syn+ACK and
  • waits for Acknowledgement for client to establish a connection. but hacker not sends it..

we can tweak it in linux sysctl.conf

3 way handshake

 

How to Prevent DDOS Attack

Check for the Server Access Log

Linux auth log

Error logs

Rate limit a IP  ex: Nginx rate limiting

BanIP Using Fail2ban

Harden linux security by tweaking sysctl

Use third party services like cloudflare as  reverse proxy to your server.

 

How to Stop SSH brute force attacks

 

CRON[22610]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 24 04:09:01 -s-4vcpu-8gb-blr1-01 CRON[22610]: pam_unix(cron:session): session closed for user root
Apr 24 04:15:56 -s-4vcpu-8gb-blr1-01 sshd[23550]: Invalid user code from 190.128.131.102 port 33174
Apr 24 04:15:57 -s-4vcpu-8gb-blr1-01 sshd[23550]: Received disconnect from 190.128.131.102 port 33174:11: Bye Bye [preauth]
Apr 24 04:15:57 -s-4vcpu-8gb-blr1-01 sshd[23550]: Disconnected from invalid user code 190.128.131.102 port 33174 [preauth]

sshd[16993]: error: maximum authentication attempts exceeded for root from 87.241.1.186 port 54861 ssh2 [preauth]
Apr 24 03:19:05 -s-4vcpu-8gb-blr1-01 sshd[16993]: Disconnecting authenticating user root 87.241.1.186 port 54861: Too many authentication failures [preauth]
Apr 24 03:19:08 -s-4vcpu-8gb-blr1-01 sshd[16995]: error: maximum authentication attempts exceeded for root from 87.241.1.186 port 56491 ssh2 [preauth]
Apr 24 03:19:08 -s-4vcpu-8gb-blr1-01 sshd[16995]: Disconnecting authenticating user root 87.241.1.186 port 56491: Too many authentication failures [preauth

 

ssh brute force attacks

  • use SSH only through a private IP from your computer
  • Disable root login
  • disable password login only use public ssh keys
  • change port
  • use fail2ban to ban ip addresses
  • 2 factor authentication with google re captcha

DDoS Attacks

Memcached DDoS Attack
NTP Amplification Attack
DNS Amplification Attack
SSDP Attack
Low and Slow Attack
Application Layer Attack
Layer 3 Attacks
Cryptocurrency Attacks
Ransom DDoS attack
Smurf Attack (historic)
Ping of Death (historic)
ACK Flood Attack
DNS Flood
HTTP Flood
Ping (ICMP) Flood Attack
QUIC Flood Attack
SYN Flood Attack
UDP Flood Attack