Prevent DDoS in future?
How can we prevent or defend ourselves from these attacks?
As they say, prevention is better than cure. It's very much true in the case of DDoS. DDoS happens because of vulnerable software/applications running on machines in a particular network. Attackers use those security holes to compromise servers in different networks and install DDoS tools (e.g. trinoo, a DDoS tool).
To prevent DDoS in future, follow the steps below (12 major steps):
Setup machine / network keeping security in mind (Implement Good Security policy)
Setup a firewall which does Ingress and Egress Filtering at Gateway
Eg: Steps to install APF
----
bash# wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
bash# tar -zxf apf-current.tar.gz
bash# cd apf-<version number>
bash# ./install.sh
Notes: Go through the documentation in APF and configure it for your needs. All configuration is set in conf.apf, which is normally located at /etc/apf/conf.apf
Enable Anti-DOS mode in APF (i.e. in conf.apf). Also make sure that root's cron has an entry like the one below:
*/8 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1
-----
Install an IDS on your gateway/hosts to alert you when someone tries to sniff in.
Eg: AIDE
----------
(a) wget ftp://ftp.cs.tut.fi/pub/src/gnu/aide-0.7.tar.gz
(b) Untar it
tar -zxvf aide-0.7.tar.gz
(c) cd aide-0.7
(d) Then execute
./configure --with-gnu-regexp
(e) Final steps to install: make; make install
(f) Now the main step: configuring AIDE. AIDE stores all its rule sets in the file called aide.conf. Let's populate it; get more details on how to configure it from man aide.conf
(g) Here I am taking an example. See below.
Here is a sample short aide.conf:
Rule = p+i+u+g+n+s+md5
/etc p+i+u+g
/sbin Rule
/usr/local/apache/conf Rule
/var Rule
!/var/spool/.*
!/var/log/.*
In the configuration listed above, a rule called "Rule" is set to check permissions (p), inode (i), user (u), group (g), number of links (n), size (s), and md5 checksum (md5). These rules are applied to all files in /bin, /sbin, /var, and /usr/local/apache/conf because they should rarely if ever change. Files in /etc are checked for changes in only permissions, inode, user, and group because their size may change, but other things shouldn't. Files and directories in /var/spool and /var/log are not checked because those are folders where the most frequent updates take place.
(h) After configuring, AIDE should be initialised with all these rules.
For that, execute aide --init
----------
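As an added illustration (not part of the original post), here is a small Python model of how the aide.conf selection lines above resolve for a given path. It assumes a simplified version of AIDE's semantics: negative (!) regex lines exclude a path outright, otherwise the longest matching path prefix decides which attribute set is checked, and named rules expand recursively.

```python
import re

# Constructed sample aide.conf mirroring the one in the post above.
SAMPLE_CONF = """\
Rule = p+i+u+g+n+s+md5
/etc p+i+u+g
/sbin Rule
/usr/local/apache/conf Rule
/var Rule
!/var/spool/.*
!/var/log/.*
"""

def parse_aide_conf(text):
    """Return (rule definitions, selection lines, negative regexes).

    Simplified model of aide.conf (an assumption, not AIDE's real parser):
    'Name = a+b+c' defines a named attribute set, '/path expr' selects a
    path prefix with an attribute expression, '!regex' excludes matches.
    """
    rules, selections, negatives = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" in line and not line.startswith(("/", "!")):
            name, expr = (s.strip() for s in line.split("=", 1))
            rules[name] = expr
        elif line.startswith("!"):
            negatives.append(re.compile(line[1:]))  # anchored at start via re.match
        else:
            path, expr = line.split(None, 1)
            selections.append((path, expr))
    return rules, selections, negatives

def expand(expr, rules):
    """Expand an attribute expression, resolving named rules recursively."""
    attrs = set()
    for token in expr.split("+"):
        attrs |= expand(rules[token], rules) if token in rules else {token}
    return attrs

def attributes_for(path, text):
    """Attributes checked for `path`, or None when it is excluded/unselected.

    Negative lines win; otherwise the longest matching prefix applies.
    """
    rules, selections, negatives = parse_aide_conf(text)
    if any(neg.match(path) for neg in negatives):
        return None
    best = max((s for s in selections if path.startswith(s[0])),
               key=lambda s: len(s[0]), default=None)
    return expand(best[1], rules) if best else None
```

Running attributes_for on /etc/passwd gives only {p, i, u, g}, while /var/log/messages returns None because the negative line excludes it.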
-
Thank you for the information. It was really useful.
-
Thanks for the detailed information you posted here. This will help me a lot.