
DoS and DDOS mitigation

Way20

Where can I find content to learn about DoS and DDoS protection?

What is the best solution for a simple DoS attack using a VPS and some perl/python script to spam packets? Would it be IPTables?

For DDoS attacks I know that it's hardware and not software that will determine if it goes down or not but what else can be done to prevent such attacks?

If you have any knowledge on this or know where I can learn more, please share with me.
 
DDoS attacks are really common these days and anyone who knows how to use a search engine can do it.

The best prevention for DDoS attacks is using a hosting service with a built-in DDoS mitigation system. There are other alternatives, like using proxies to mitigate attacks; however, these are usually not cheap. There is not much you can do if you are hosting "at home" and you are being targeted by a DDoS attack.

For protection against DoS attacks, in 80% of cases the ISP sorts this out by using an ingress filtering system, unless the attacker is spoofing his address to send multiple packets. But basically it comes down to whoever has the highest internet speeds; though not as devastating as a DDoS, they can still take a server down if you have bad connection speeds.

In a DDoS attack hardware doesn't really matter; it's the ability to divert packets sent and legitimize legit users and block out all the other packets, which datacenters can do really well, because they have the ability to spread the attack out, rather than taking the full force on one server. For instance, if you are hosting at home and use a DDoS protected proxy to host your service, all the packets sent to your machine would have to go through a filter that the proxy has, which blocks attacks up to a certain amount of data; this could be in a wide range of 3Gbit/s up to hundreds of Tbit/s.

What happens when the amount of data received from the attack is higher than what you are protected against?
It will basically zero out other incoming connections, hence the server is down and not available.

You can read more about this on Wikipedia ofc, or check out how companies like OVH deal with these sorts of attacks on their website.
 
Proper iptables rules and a physical firewall. Keep in mind that if someone really wants to take you down then they will. Companies (like game publishers) are spending millions to get the best protection possible.
80% of the time if your hosting provider is unable to protect you then you are done.
 
Where can I find content to learn about DoS and DDoS protection?

What is the best solution for a simple DoS attack using a VPS and some perl/python script to spam packets? Would it be IPTables?

For DDoS attacks I know that it's hardware and not software that will determine if it goes down or not but what else can be done to prevent such attacks?

If you have any knowledge on this or know where I can learn more, please share with me.
Hello, read about CSF, LFI and Fail2Ban. In my opinion, it's the best option to avoid DOS Attacks.
 
DDoS attacks are really common these days and anyone who knows how to use a search engine can do it.

The best prevention for DDoS attacks is using a hosting service with a built-in DDoS mitigation system. There are other alternatives, like using proxies to mitigate attacks; however, these are usually not cheap. There is not much you can do if you are hosting "at home" and you are being targeted by a DDoS attack.

For protection against DoS attacks, in 80% of cases the ISP sorts this out by using an ingress filtering system, unless the attacker is spoofing his address to send multiple packets. But basically it comes down to whoever has the highest internet speeds; though not as devastating as a DDoS, they can still take a server down if you have bad connection speeds.

In a DDoS attack hardware doesn't really matter; it's the ability to divert packets sent and legitimize legit users and block out all the other packets, which datacenters can do really well, because they have the ability to spread the attack out, rather than taking the full force on one server. For instance, if you are hosting at home and use a DDoS protected proxy to host your service, all the packets sent to your machine would have to go through a filter that the proxy has, which blocks attacks up to a certain amount of data; this could be in a wide range of 3Gbit/s up to hundreds of Tbit/s.

What happens when the amount of data received from the attack is higher than what you are protected against?
It will basically zero out other incoming connections, hence the server is down and not available.

You can read more about this on Wikipedia ofc, or check out how companies like OVH deal with these sorts of attacks on their website.

Thank you very much for your answer. When I said that what really matters is hardware I was referring to the physical firewall that hosting companies have. I know that a DoS attack comes down to a matter of internet speed, but there must be a way to detect that a single IP is consuming a significant percentage of the network and block it. I'm not hosting at my home btw.

Proper iptables rules and a physical firewall. Keep in mind that if someone really wants to take you down then they will. Companies (like game publishers) are spending millions to get the best protection possible.
80% of the time if your hosting provider is unable to protect you then you are done.

Thank you for answering. I know that there's no such thing as 100% protected against DDoS, even companies like Sony get taken down. Can you share your knowledge on iptables or point me to where I can learn more about it?

Hello, read about CSF, LFI and Fail2Ban. In my opinion, it's the best option to avoid DOS Attacks.

Thank you, I really appreciate your answer. I heard about CSF before but never heard about those other two, do you know where I can find content to learn about those?
 
Can you share your knowledge on iptables or point me to where I can learn more about it?
You really HAVE TO google it and use guides from advanced users. You can easily make shit go down by creating a wrong rule and blocking yourself and everything else. @Nostalrius pointed out good scripts that will help you set up most things.
 
There is no complete protection against Denial of Service attacks. The best protection, besides a network of VPNs in front of your actual server, is a dedicated hardware firewall set up correctly. Basically every hoster has not just one but dozens of those running. You can and should add an extra layer of protection using the already mentioned services.
Those do not only have the purpose of stopping DoS but also protect from other potential attacks and threats.
 
You really HAVE TO google it and use guides from advanced users. You can easily make shit go down by creating a wrong rule and blocking yourself and everything else. @Nostalrius pointed out good scripts that will help you set up most things.
Can you point me to some of those guides?

There is no complete protection against Denial of Service attacks. The best protection, besides a network of VPNs in front of your actual server, is a dedicated hardware firewall set up correctly. Basically every hoster has not just one but dozens of those running. You can and should add an extra layer of protection using the already mentioned services.
Those do not only have the purpose of stopping DoS but also protect from other potential attacks and threats.
I know that, I even said it in an earlier post, the best we can do is mitigate, that's what I'm trying to learn how to do. I also stated before that I know that what really matters is the hardware firewall, I want to know what else can be done on the server side, through software like iptables and csf. Do you know how to correctly set those up?
 
I know that, I even said it in an earlier post, the best we can do is mitigate, that's what I'm trying to learn how to do. I also stated before that I know that what really matters is the hardware firewall, I want to know what else can be done on the server side, through software like iptables and csf. Do you know how to correctly set those up?
I was actually thinking about making a HowTo on that topic but now I decided not to for a few reasons.
The easiest way is to read into iptables and find out how it works first. Then you can google for best practice methods on how to set up iptables.
These methods usually include a small DoS protection. Be careful with completely pre-configured DoS iptables scripts though, many of those are simply shit.
 
I was actually thinking about making a HowTo on that topic but now I decided not to for a few reasons.
The easiest way is to read into iptables and find out how it works first. Then you can google for best practice methods on how to set up iptables.
These methods usually include a small DoS protection. Be careful with completely pre-configured DoS iptables scripts though, many of those are simply shit.

Damn, I would really appreciate it if you could do it, can you please reconsider? I agree 100% with you, I found many pre-configured rules for iptables and CSF but what I want is to know what I'm doing and why a rule is necessary.

I wanna know specifically what the configuration should be for an Open Tibia Server, for example, on CSF tutorials I found, they simply tell you:
On CSF configuration SYNFLOOD_RATE should be = "200/s" and SYNFLOOD_BURST = "250"

I wanna know why that is, and if it depends on how many players the server has etc. So please, a good HowTo on this would be really helpful, I'm not speaking for me alone, I'm sure it would help many others as well, the few threads OTLand has about this topic are outdated.
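
Added example (not part of the thread, and not CSF's own code): a small token-bucket model showing what a rate/burst pair such as SYNFLOOD_RATE = "200/s" and SYNFLOOD_BURST = "250" does to new-connection attempts. It assumes the limit behaves like the iptables `limit` match (a bucket of `burst` tokens refilled at `rate`) and is applied to all incoming SYNs together rather than per source IP; the traffic figures are constructed.

```python
# Added example: token-bucket model of a rate/burst limit such as
# SYNFLOOD_RATE="200/s", SYNFLOOD_BURST="250". All traffic is constructed.
TOKEN = 1_000_000  # one packet costs one token, counted in integer micro-tokens

def simulate(arrivals, rate_per_s, burst):
    """arrivals: sorted list of (timestamp_us, label).
    Returns {label: [accepted, dropped]}."""
    tokens = burst * TOKEN              # the bucket starts full
    last_us = 0
    stats = {}
    for ts_us, label in arrivals:
        # Refill for the elapsed time, capped at the burst size.
        tokens = min(burst * TOKEN, tokens + (ts_us - last_us) * rate_per_s)
        last_us = ts_us
        counts = stats.setdefault(label, [0, 0])
        if tokens >= TOKEN:
            tokens -= TOKEN
            counts[0] += 1              # SYN passes on to the service
        else:
            counts[1] += 1              # SYN dropped, legitimate or not
    return stats

def traffic(seconds, **per_second):
    """Evenly spaced new-connection attempts, e.g. legit=20, flood=5000."""
    events = []
    for label, rate in per_second.items():
        events += [(i * 1_000_000 // rate, label) for i in range(seconds * rate)]
    return sorted(events)

def run(seconds, **per_second):
    """Apply the 200/s rate and 250 burst from the post to sample traffic."""
    return simulate(traffic(seconds, **per_second), rate_per_s=200, burst=250)

if __name__ == "__main__":
    # Normal day: 20 new connections per second, nothing is dropped.
    print("quiet    ", run(10, legit=20))
    # After a restart: 600 reconnects per second exceed burst + refill.
    print("reconnect", run(2, legit=600))
    # Flood: the shared bucket is drained, so legitimate SYNs are dropped too.
    print("flood    ", run(10, legit=20, flood=5000))
```

The limit counts new connection attempts per second, not players already online, so the value to size it against is the worst legitimate reconnect spike. Under a flood the model passes roughly burst plus rate times duration in total, regardless of who sent the packets.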
 