Posts Tagged ‘DNS’

squid+apache = good cache, protection from ddos

December 10th, 2009

I just reconfigured my web server to run on localhost. Why? Read on.
1. What is the best practice for good performance? Cache! If the web server already knows where a file (image, song, swf, etc.) lives on disk and has already opened it once for another visitor, why open it a second time through the web server? Caching gives a noticeable boost if you are running a heavy site with lots of pictures.
2. What is the best program for handling many simple GET/POST/CONNECT requests? Squid, a caching proxy server that runs on Linux and uses the full power of the Linux filesystem to build a fast cache.
So I made a hybrid combination of Squid (listening on port 80) and Apache (listening on 127.0.0.1:80).
Here is the simple config of my Squid:
http_port 62.75.250.93:80 transparent
icp_port 0
htcp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_swap_low 64
cache_swap_high 128
maximum_object_size 2048 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
fqdncache_size 2048
cache_dir ufs /tmp/squid 2000 11 11
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /dev/null
hosts_file /etc/hosts
dns_nameservers 127.0.0.1
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
peer_connect_timeout 30 seconds
acl all src 0.0.0.0/0.0.0.0
acl site dst 127.0.0.1/32
acl max_con maxconn 20
http_access deny max_con all
forwarded_for off
http_access deny all !site
http_reply_access deny all !site
icp_access deny all !site
miss_access deny all !site
cache_effective_user proxy
cache_effective_group proxy
visible_hostname Wishmaster
cache_mgr moushegh@nazaretyan.com
always_direct allow all
never_direct deny all
On Apache you just need to change the VirtualHost and Listen directives to 127.0.0.1 (remember to add your hostname to the localhost entry in /etc/hosts).
max_con is an ACL that will not allow more than 20 concurrent connections from one IP, a good method for protecting against HTTP GET and SYN flood attacks.
Any questions? I am ready to answer in the comments or via Skype.
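To see whether the max_con limit is actually being hit, the access.log named in the config above can be checked for clients Squid refuses. The following is an added example (not part of the original post) that parses Squid's native access.log format over constructed sample lines and reports per-client peak request rates and TCP_DENIED counts; the threshold value and IPs are assumptions.

```python
"""Flag clients hammering the Squid front end, from its access.log.

Added example, not from the original post. Parses Squid's native access.log
format (the file named by cache_access_log above) and reports clients whose
request rate exceeds a threshold or that Squid already refuses with
TCP_DENIED, the result the maxconn ACL produces. Log lines are constructed.
"""
from collections import defaultdict

SAMPLE_LOG = """\
1260460800.101    12 203.0.113.5 TCP_HIT/200 5120 GET http://www.example.com/img/a.png - NONE/- image/png
1260460800.150     3 203.0.113.5 TCP_MEM_HIT/200 5120 GET http://www.example.com/img/a.png - NONE/- image/png
1260460800.201   340 198.51.100.7 TCP_MISS/200 14020 GET http://www.example.com/index.php - DIRECT/127.0.0.1 text/html
1260460800.255     0 203.0.113.5 TCP_DENIED/403 1740 GET http://www.example.com/img/a.png - NONE/- text/html
1260460800.300     0 203.0.113.5 TCP_DENIED/403 1740 GET http://www.example.com/img/b.png - NONE/- text/html
1260460801.010    15 198.51.100.7 TCP_HIT/200 5120 GET http://www.example.com/img/a.png - NONE/- image/png
"""


def parse_line(line):
    """Return (second, client_ip, action) from one native-format line, or None."""
    fields = line.split()
    if len(fields) < 4:
        return None
    try:
        second = int(float(fields[0]))      # epoch timestamp with milliseconds
    except ValueError:
        return None
    action = fields[3].split("/")[0]        # TCP_HIT from TCP_HIT/200
    return second, fields[2], action


def summarize(log_text, per_second_limit):
    """Per-client peak requests in any single second and TCP_DENIED count.
    Returns {ip: {"peak_rps": int, "denied": int, "flagged": bool}}."""
    per_sec = defaultdict(lambda: defaultdict(int))
    denied = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        second, ip, action = rec
        per_sec[ip][second] += 1
        if action == "TCP_DENIED":
            denied[ip] += 1
    return {ip: {"peak_rps": max(b.values()), "denied": denied[ip],
                 "flagged": max(b.values()) > per_second_limit or denied[ip] > 0}
            for ip, b in per_sec.items()}
```

Run it against the real file with `summarize(open("/var/log/squid/access.log").read(), 20)` to list the clients that are either over the limit or already being refused.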

DDoS attacks coming Please Slow

November 28th, 2009

The network brings us convenience, but it also brings a series of problems. Virus and malware attacks are very troublesome. Unless you unplug the cable altogether, you will suffer from threats that arrive over the network, and distributed denial-of-service (DDoS) attacks in particular leave people feeling helpless. We cannot prevent the attack; what we can do is reduce the losses and protect the interests of individual and enterprise networks as far as possible.
A DDoS attack is typically divided into three stages. First comes target confirmation: the hackers lock onto an IP address on the Internet. That address may represent an enterprise Web server, DNS server, Internet gateway, and so on. The target is chosen either for money or purely as a pastime. Then comes preparation: in this stage the hackers break into computers on the Internet and implant the necessary attack tools on them. Finally comes the actual attack stage: the hackers send commands to all the compromised computers, which use the pre-installed attack tools to send packets the target cannot handle, either by sheer volume of data or by saturating its bandwidth. In serious cases the DNS is affected and the whole network is paralyzed.
Of course, we are not helpless in the face of DDoS. We can take corresponding measures to minimize the effects of such attacks.
Ingress filtering is a simple security measure that every network should implement. In your network, set up a routing rule that drops packets whose source IP address does not belong to your own address space. Although this does not prevent a DDoS attack against you, it does prevent your network from being used to reflect a DDoS attack.
But many large ISPs, for various reasons, refuse to implement ingress filtering, so we need other ways to reduce the impact of DDoS. At present, one of the most effective methods is tracing. First, determine that what you are seeing is really an external DDoS attack and not a connectivity or routing problem. Then, as quickly as possible, configure the external interfaces of all edge routers to reject all traffic destined for the DDoS target. In addition, configure those same edge router ports to drop every packet whose source IP address is invalid or cannot be routed.
Doing this reduces the impact of the DDoS and restores normal network operation sooner. We cannot prevent DDoS attacks outright, but with the right measures we can reduce their effect on the network. We cannot predict how fierce the flood will be; all we can do is build a high dam. We cannot read the hackers' minds, so we must prepare thoroughly.
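The two filtering measures described above, ingress filtering on customer-facing interfaces and the emergency filter on external interfaces, expressed as filter decisions in an added example that is not part of the original post; the interface name, customer prefix, attack target and bogon list are constructed assumptions.

```python
"""Edge-router style filter decisions for the measures described above
(added example, not from the original post). Two rules are implemented:
ingress filtering, where a packet entering from a customer interface must
carry a source address from that customer's assigned prefixes, and the
emergency filter on external interfaces, which drops everything destined
for the attack target plus packets with invalid or unroutable sources.
All prefixes and addresses below are constructed samples.
"""
import ipaddress

# Source prefixes that are legitimate on each customer-facing interface
CUSTOMER_PREFIXES = {
    "cust1": [ipaddress.ip_network("203.0.113.0/24")],
}
# Hosts currently under attack; traffic to them is dropped at the edge
ATTACK_TARGETS = [ipaddress.ip_network("198.51.100.10/32")]
# Source ranges no legitimate Internet packet carries (a short bogon list)
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def in_any(addr, networks):
    return any(addr in net for net in networks)


def ingress_filter(iface, src):
    """Customer-facing interface: 'drop' a source outside the customer's
    prefixes (spoofed), otherwise 'accept'. Unknown interfaces allow nothing."""
    a = ipaddress.ip_address(src)
    return "accept" if in_any(a, CUSTOMER_PREFIXES.get(iface, [])) else "drop"


def external_filter(src, dst):
    """Upstream-facing interface while an attack is under way: blackhole the
    target first, then discard bogon sources, then accept the rest."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if in_any(d, ATTACK_TARGETS):
        return "drop:target-blackholed"
    if in_any(s, BOGONS):
        return "drop:bogon-source"
    return "accept"
```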

DNS Problem Linked to DDoS Attacks Gets Worse

November 13th, 2009

Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

According to research set to be published in the next few days, part of the problem is blamed on the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere, what networking experts call an "open recursive" or "open resolver" system. As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers, said Cricket Liu, vice president of architecture with Infoblox, the DNS appliance company that sponsored the research. "The two leading culprits we found were Telefonica and France Telecom," he said.

In fact, the percentage of DNS systems on the Internet that are configured this way has jumped from about 50 percent in 2007 to about 80 percent this year, according to Liu.

Though he hasn't seen the Infoblox data, Georgia Tech researcher David Dagon agreed that open recursive systems are on the rise, in part because of "the increase in home network devices that allow multiple computers on the Internet."

"Almost all ISPs deliver a home DSL/cable device," he said in an e-mail interview. "Many of the devices have built-in DNS servers. These can sometimes ship in 'open by default' states."

Because modems configured as open recursive servers will answer DNS queries from anyone on the Internet, they can be used in what's known as a DNS amplification attack.

In this attack, hackers send spoofed DNS query messages to the recursive server, tricking it into replying to a victim's computer. If the bad guys know what they're doing, they can send a small 50 byte message to a system that will respond by sending the victim as much as 4 kilobytes of data. By bombarding several DNS servers with these spoofed queries, attackers can overwhelm their victims and effectively knock them offline.

DNS experts have known about the open recursive configuration problem for years, so it's surprising that the numbers are jumping up.

However, according to Dagon, a more important issue is the fact that many of these devices do not include patches for a widely publicized DNS flaw discovered by researcher Dan Kaminsky last year. That flaw could be used to trick the owners of these devices into using Internet servers controlled by hackers without ever realizing that they've been duped.

Infoblox estimates that 10 percent of the open recursive servers on the Internet have not been patched.

The Infoblox research was conducted by The Measurement Factory, which gets its data by scanning about 5 percent of the IP addresses on the Internet. The data will be posted here in the next few days.

According to Measurement Factory President Duane Wessels, DNS amplification attacks do occur, but they're not the most common form of DDoS attack. "Those of us that track these and are aware of it tend to be a little bit surprised that we don't see more attacks that use open resolvers," he said. "It's kind of a puzzle."

Wessels believes that the move toward the next-generation IPv6 standard may be inadvertently contributing to the problem. Some of the modems are configured to use DNS server software called Trick or Treat Daemon (TOTd), which converts addresses between IPv4 and IPv6 formats. Often this software is configured as an open resolver, Wessels said.
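From the victim's side, the amplification attack described in the article shows up as DNS responses arriving for queries the victim never sent. The following is an added example (not from the article) that applies that check to constructed flow records; the local prefix, record format and addresses are assumptions.

```python
"""Spot DNS reflection traffic in flow records (added example, not from the
article). A reflected attack reaches the victim as DNS responses for which
no matching query ever left the network; legitimate answers always pair with
an earlier query from the same host and port. Records are constructed
samples in a minimal format: src_ip src_port dst_ip dst_port bytes
"""
from collections import defaultdict

LOCAL_PREFIX = "192.0.2."          # the monitored network (constructed)

SAMPLE_FLOWS = """\
192.0.2.10 51234 198.51.100.53 53 50
198.51.100.53 53 192.0.2.10 51234 180
203.0.113.7 53 192.0.2.10 53 4000
203.0.113.8 53 192.0.2.10 53 3900
203.0.113.9 53 192.0.2.10 53 3800
"""


def parse_flows(text):
    """Parse the five-field records; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue
        flows.append((f[0], int(f[1]), f[2], int(f[3]), int(f[4])))
    return flows


def unsolicited_dns_responses(flows, local_prefix=LOCAL_PREFIX):
    """Return {local_host: {"reflectors": n, "bytes": total, "max_resp": b}}
    for local hosts that received DNS responses they never asked for."""
    queries = set()                      # (local_ip, local_port, resolver_ip)
    for src, sport, dst, dport, size in flows:
        if src.startswith(local_prefix) and dport == 53:
            queries.add((src, sport, dst))
    hits = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "max_resp": 0})
    for src, sport, dst, dport, size in flows:
        if sport == 53 and dst.startswith(local_prefix):
            if (dst, dport, src) in queries:
                continue                 # a real answer to a query we saw
            h = hits[dst]
            h["reflectors"].add(src)     # each distinct open resolver used
            h["bytes"] += size
            h["max_resp"] = max(h["max_resp"], size)
    return {ip: {"reflectors": len(h["reflectors"]), "bytes": h["bytes"],
                 "max_resp": h["max_resp"]} for ip, h in hits.items()}
```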