For reasons that are not relevant to this blog, yesterday in Argentina there was a lot of talk about distributed denial of service (DDoS) attacks. It is as good an excuse as any to talk about this type of attack, which can affect anyone with a website, and about the open source tools that help mitigate it.
DDoS attacks
A distributed denial of service attack is one of the easiest to carry out, because the attacker needs little technical knowledge, and at the same time one of the most damaging: it can take websites and online services offline for hours or days.
During the attack, the victim's network and servers are flooded with a volume of requests far greater than the infrastructure was sized to handle. Legitimate users then get slow responses or cannot get in at all.
To carry out the attack, the perpetrator needs control of a network of devices, usually without the knowledge of their owners. These can be computers, mobile phones or Internet of Things devices. The word distributed refers to the fact that the traffic comes from many sources at once rather than from a single machine; those sources are usually also spread across different geographic locations and networks, which is what makes the traffic hard to filter by source address.
Control of the devices is gained through malware, social engineering, or default factory passwords that the owners never bothered to change.
Such a botnet can range from a relatively small number of devices to millions of them. Whatever its size, the procedure is the same: the criminals who run it point the traffic it generates at a target and carry out the DDoS attack.
However, not every outage or slowdown of a web service is the work of an attacker. Sometimes the number of legitimate users trying to get in at the same time simply exceeds what the infrastructure can support, as happens with ticket sales for important matches or with limited-time offers.
In that case, the disruption usually lasts only as long as the spike does.
Open source solutions to mitigate DDoS attacks
Beyond the fact that, as Internet users, each of us is responsible for how our own devices are used, there are many server-level tools that help prevent and mitigate this type of attack, and several of them are open source.
DDoS Deflate
It is a shell script built around the netstat command: it lists the IP addresses connected to the server, counts how many connections each one holds open, and blocks the addresses that exceed a configured threshold.
Features
- Automatic blocking of IP addresses that exceed the connection threshold
- Blacklist and whitelist of source IP addresses (trusted sources are never blocked)
- Simple notification and management for the network administrator
- Automatic detection of iptables or APF (Advanced Policy Firewall) to apply the bans
- Easy configuration
- Automatic email alerts when an address is banned
- Optional termination of the offending connections using tcpkill
- Installed from the project's own install script; unlike Fail2ban it is not packaged in the repositories of the major server distributions
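The logic described above, as an added example rather than the DDoS Deflate script itself: count the connections each remote address holds in a netstat-style listing, skip whitelisted sources, and emit the firewall command for the rest. The listing, the threshold and the whitelist are constructed values, and the iptables commands are printed instead of executed.

```shell
#!/bin/sh
# Added example, not the DDoS Deflate script: the connection-counting logic
# such a script runs, applied to a constructed netstat-style listing so it
# runs offline. Threshold, whitelist and addresses are assumed values, and
# the iptables commands are printed rather than executed.

NO_OF_CONNECTIONS=5                  # ban when a source holds more than this many connections
WHITELIST="127.0.0.1 203.0.113.10"  # trusted sources that must never be banned

# Constructed sample in the shape of `netstat -ntu` output (5th column is the
# foreign address). 198.51.100.7 exceeds the threshold; 203.0.113.10 also
# exceeds it but is whitelisted; 192.0.2.44 is an ordinary client.
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             198.51.100.7:50001      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:50002      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:50003      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:50004      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:50005      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:50006      SYN_RECV
tcp        0      0 10.0.0.5:443            203.0.113.10:40001      ESTABLISHED
tcp        0      0 10.0.0.5:443            203.0.113.10:40002      ESTABLISHED
tcp        0      0 10.0.0.5:443            203.0.113.10:40003      ESTABLISHED
tcp        0      0 10.0.0.5:443            203.0.113.10:40004      ESTABLISHED
tcp        0      0 10.0.0.5:443            203.0.113.10:40005      ESTABLISHED
tcp        0      0 10.0.0.5:443            203.0.113.10:40006      ESTABLISHED
tcp        0      0 10.0.0.5:443            203.0.113.10:40007      ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.44:51000        ESTABLISHED'

# Count connections per foreign address and print "<count> <ip>", highest
# first. Only the trailing ":port" is stripped, so IPv6 addresses survive.
connections_per_ip() {
    awk 'NR > 2 { print $5 }' | sed 's/:[^:]*$//' | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Return 0 (true) if $1 is on the whitelist.
is_whitelisted() {
    for w in $WHITELIST; do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

# Print the addresses that exceed the threshold and are not whitelisted.
offenders() {
    connections_per_ip | while read -r count ip; do
        [ "$count" -gt "$NO_OF_CONNECTIONS" ] || continue
        is_whitelisted "$ip" && continue
        echo "$ip"
    done
}

# Print the firewall commands a script like this would run (dry run).
ban_commands() {
    offenders | while read -r ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

printf '%s\n' "$SAMPLE" | ban_commands
```

Two things the real script also has to deal with show up here: a threshold that is too low bans legitimate users behind a shared address (a whole office or a carrier NAT appears as one IP with many connections), and the check only sees connections the kernel already accepted, so it does nothing against a flood that saturates the link itself.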
Fail2ban
A tool that does ship in the repositories of the main server distributions.
It is very useful for identifying and banning the sources of malicious traffic. The program scans log files for suspicious connection patterns and adds the offending addresses to a blocklist in the firewall. Using it reduces illegitimate and failed authentication attempts thanks to a set of filters (regular expressions) that cover many services.
Features
- Analysis of log files with predefined filters, which can be extended with custom ones
- Parses the timestamps in log entries, including their time zone, to count attempts within a time window
- Runs as a server daemon (fail2ban-server) controlled by a client (fail2ban-client)
- Ships with filters for many services, including sshd, vsftpd and Apache
- Easy configuration for the administrator
- Works with several firewall backends (iptables, nftables, firewalld, ipset, among others) through its action definitions
- Bans and exemptions (ignoreip) can be defined per IP address or network
- Blocks brute-force attacks
- Bans expire after a configurable time (bantime), and attempts are counted within a configurable window (findtime)
- Protects SSH out of the box through its sshd jail
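A jail that uses the log scanning described above against an HTTP request flood, as an added example that is not part of the Fail2ban project's shipped configuration. The jail and filter name (http-get-dos), the log path, the thresholds and the whitelisted address are assumed values; the sample log line in the comment is constructed.

```ini
# Added example, not configuration shipped by the Fail2ban project. The jail
# name, file paths, thresholds and the whitelisted address are assumed values.

# /etc/fail2ban/filter.d/http-get-dos.conf
# Match every request line of a combined-format access log; <HOST> is the
# client address Fail2ban counts and bans. Constructed line this matches:
# 198.51.100.7 - - [10/Oct/2020:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.68.0"
[Definition]
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP/[12]\.[01]"
ignoreregex =

# /etc/fail2ban/jail.local
# Ban any client that sends more than 300 requests within 60 seconds.
# A browser loading a page with its images and scripts can make several
# dozen requests at once, so measure real traffic before choosing maxretry.
[http-get-dos]
enabled  = true
port     = http,https
filter   = http-get-dos
logpath  = /var/log/apache2/access.log
findtime = 60
maxretry = 300
bantime  = 600
# Never ban the local host or the monitoring system (assumed address).
ignoreip = 127.0.0.1/8 203.0.113.10
action   = iptables-multiport[name=http-get-dos, port="http,https", protocol=tcp]
```

Check the filter against a real log before enabling the jail with `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/http-get-dos.conf`, and watch the result with `fail2ban-client status http-get-dos`. Two caveats: Fail2ban only reacts after the requests have been logged, so it helps against floods that exhaust the application rather than the network; and if the site sits behind a reverse proxy or CDN, the address in the log is the proxy's, so this jail would ban the proxy itself unless the web server logs the real client address first.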
HAProxy
HAProxy works differently. It is a reverse proxy and load balancer, so besides filtering by source IP address it distributes the load across several backend servers and can limit the connection and request rate of each client before the traffic ever reaches the application.
Features
- Can limit or block clients based on their bandwidth consumption (bytes transferred per time unit).
- Keeps stick tables of per-client counters, built from the rules in its configuration, that act as automatic blacklists and whitelists of IP addresses.
- Recognizes abusive sources by their behaviour (connection rate, request rate, error rate) rather than by a static list, which makes it effective against application-layer DDoS traffic coming from many addresses.
- Limits concurrent connections and queues excess requests, and combined with its timeouts it also protects against slow-request attacks.
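The rate limiting and load balancing described above in one configuration, as an added example that is not part of the HAProxy project's documentation. HAProxy 2.x syntax is assumed; the frontend and backend names, addresses, ports, thresholds and the trusted-address file are assumed values that have to be tuned to real traffic.

```haproxy
# Added example, not HAProxy project configuration. Names, addresses, ports and
# thresholds are assumed; measure normal traffic before relying on them.
global
    maxconn 20000                # hard cap on concurrent connections for the process
    stats socket /run/haproxy/admin.sock mode 660 level admin

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    timeout http-request 10s     # drop clients that never finish sending headers (slowloris)

frontend fe_web
    bind *:80
    # One entry per client address, kept 60s after its last update, holding
    # the counters the rules below consult.
    stick-table type ip size 100k expire 60s store conn_cur,conn_rate(10s),http_req_rate(10s),http_err_rate(10s)
    tcp-request connection track-sc0 src

    # Trusted sources (monitoring, office) are never throttled.
    acl trusted src -f /etc/haproxy/trusted.lst
    tcp-request connection accept if trusted
    http-request allow if trusted

    # Abusive sources are rejected at accept time, before HTTP parsing spends CPU.
    tcp-request connection reject if { src_conn_cur ge 20 }
    tcp-request connection reject if { src_conn_rate ge 30 }

    # Clients that get through but flood requests, or hammer the server with
    # errors (scanners), get a 429 and the backend never sees the request.
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }
    http-request deny deny_status 429 if { sc_http_err_rate(0) gt 20 }

    default_backend be_web

backend be_web
    balance roundrobin
    option httpchk GET /healthz
    # maxconn per server makes HAProxy queue the excess instead of letting
    # the application drown in it.
    server web1 10.0.0.11:8080 check maxconn 200
    server web2 10.0.0.12:8080 check maxconn 200
```

Validate with `haproxy -c -f /etc/haproxy/haproxy.cfg`, and inspect the live counters with `echo "show table fe_web" | socat stdio /run/haproxy/admin.sock`. As with Fail2ban, if HAProxy itself sits behind a CDN or another proxy, `src` is the proxy's address and every client shares one table entry; in that case accept the PROXY protocol on the bind line (`accept-proxy`) or track the client address from the forwarding header instead.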
Of course, this does not exhaust the subject. Keep in mind that all three tools act on traffic that has already reached the server: they work against floods of connections or requests that exhaust the application, but not against a volumetric attack that saturates the network link, which has to be absorbed upstream. The best thing, if you have a website, is to check with your hosting provider which precautions they offer.
4 comments
Hi! And how about a CDN solution like the one offered by Cloudflare?
It was not part of the scope of the article, but, as far as I know, it works perfectly.
Can all 3 be used at the same time? On my servers I always use Fail2ban.
Frankly, I have no idea.