DDoS - Knowledge Base Archives - Hivelocity Hosting
https://www.hivelocity.net/kb/tag/ddos/

How to prevent the DDOS?
https://www.hivelocity.net/kb/how-to-prevent-the-ddos/
Tue, 29 Jan 2013 14:41:09 +0000

To prevent DDOS, follow these steps:

Set up the machine / network keeping security in mind.

Set up a firewall which does ingress and egress filtering at the gateway.

Eg: Steps to install APF

bash# wget https://www.rfxnetworks.com/downloads/apf-current.tar.gz

bash# tar -zxf apf-current.tar.gz

bash# cd apf-<version number>

bash# ./install.sh

Go through the documentation shipped with APF and configure it to suit your environment. All configuration is set in conf.apf, which is normally located at /etc/apf/conf.apf

Enable Anti-DOS mode in APF (i.e. in conf.apf). Also make sure that root's cron has an entry similar to the following (the "root" user field is the /etc/crontab format; leave it out of a crontab edited with crontab -e):

*/8 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1

-----

Install an IDS on your gateway/hosts to alert you:

Eg: AIDE

----------

(a) wget ftp://ftp.cs.tut.fi/pub/src/gnu/aide-0.7.tar.gz

(b) Untar it:

tar -zxvf aide-0.7.tar.gz

(c) cd aide-0.7

(d) Then execute:

./configure --with-gnu-regexp

(e) Final steps to install: make; make install

(f) Now the real step, configuring AIDE: AIDE stores all its rule sets in a file called aide.conf. Let's create it; for more details on how to configure it, see man aide.conf

(g) Here is a short sample aide.conf:

Rule = p+i+u+g+n+s+md5

/etc p+i+u+g

/sbin Rule

/usr/local/apache/conf Rule

/var Rule

!/var/spool/.*

!/var/log/.*

In the above configuration, a rule called “Rule” is set to check permissions (p), inode (i), user (u), group (g), number of links (n), size (s), and md5 checksum (md5). These rules are applied to all files in /bin, /sbin, /var, and /usr/local/apache/conf since they shouldn't change (/bin needs its own "/bin Rule" line, which the sample above omits). Files in /etc are checked for changes in only permissions, inode, user, and group because their size may change, but other things shouldn’t. Files and directories in /var/spool and /var/log are not checked because those are the folders where files change most often.

(h) After the configuration is done, AIDE should be initialized with all these rules.
To do that, execute aide --init

Quick check for a ddos via number of connections
https://www.hivelocity.net/kb/quick-check-for-a-ddos-via-number-of-connections/
Tue, 09 Nov 2010 10:56:11 +0000

A quick and useful command for checking whether a server is under DDoS is:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That will list the remote IPs alongside the number of connections each holds to the server, sorted so the busiest appear last. It is important to remember that DDoS attacks are becoming more sophisticated and use fewer connections from more attacking IPs. If this is the case you will still see a low number of connections per IP even while you are under a DDoS.
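The one-liner above truncates IPv6 peers at the first colon and also counts listening sockets. The following added example (not part of the original post) tallies remote addresses from netstat -an style input and reports the number of distinct sources, the figure to watch when an attack spreads a few connections over many IPs. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample in `netstat -an` layout, using documentation address ranges.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51822       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 2001:db8::10:80         2001:db8::5:51234       ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# Tally foreign addresses (column 5) of tcp/udp sockets read from stdin.
# Output: "count address", busiest first.
remote_ip_counts() {
    awk '
        $1 ~ /^(tcp|udp)/ && $6 != "LISTEN" {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # strip only the trailing :port
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") next
            n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Condense the tally: many sources with a small "top" is the distributed pattern.
source_summary() {
    remote_ip_counts | awk '
        { total += $1; srcs++; if ($1 > max) max = $1 }
        END { printf "sources=%d connections=%d top=%d\n", srcs, total, max }
    '
}

# Demo on the constructed sample; on a live host use: netstat -an | remote_ip_counts
sample_netstat | remote_ip_counts
sample_netstat | source_summary
```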
