Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 06-02-2010, 02:54 PM   #1
Registered: Dec 2006
Distribution: Debian,Slackware,FreeBSD,CentOS,Red Hat,Windows Server 2008
Posts: 133

Rep: Reputation: 16
DDOS and pf


I'm facing a DDOS on one of my servers with centos installed that hosts few websites, and I figured out to put OpenBSD or FreeBSD and configure pf with synproxy, like the *BSD is in the front with two network interfaces- public and private- with some nat rules to centos, could this solve the problem or reduce it at least?

Thanks in advance.
Old 06-03-2010, 12:22 PM   #2
Senior Member
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 164Reputation: 164
Have you enabled iptables rules to eliminate as much traffic as you can? Have you given mod_evasive a try? Have you reconfigured the spawned clients, timeouts, etc to help apache deal with the syn attacks? What kind of hardware are you dealing with? How large is the ddos (how many connecting hosts)? How is your network holding up against the ddos? Is the machine having problems or the network itself?

On a large ddos everything becomes moot more or a less, but on a small to moderate sized one even a single machine can take a lot of measures to minimize the damage. A firewall in front is definitely a good idea, but there is a lot you should look at before that even.

A few quickies to try:

Last edited by rweaver; 06-03-2010 at 12:26 PM.
Old 06-03-2010, 01:55 PM   #3
Registered: May 2001
Posts: 28,826
Blog Entries: 55

Rep: Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342
We've covered DoS and DDoS options in the Linux Security forum extensively. Please search for threads on the subject. I'm sorry to say but you'll find that, regardless the type, host-based measures simply won't cut it: you'll want to involve upstream for filtering, limiting or temporarily severing the pipe.
Old 06-03-2010, 02:48 PM   #4
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
I'd love to see hard data first. A lot of the time, people assume they are DoS'd but its actually something else. For instance, I'm pretty sure that most people would think they're being DoS'd if they've a mail server that is misconfigured and in an open-relay state.

Details first, so we can help and assess if this is even a DoS/DDoS issue.
1 members found this post helpful.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hello / DDoS attacks cybernet2u Linux - Security 7 11-21-2009 09:30 PM
DDOS attack help me dheeraj4uuu Linux - Security 9 05-31-2009 03:07 PM
Concerning DDoS attacks joji_in_changwon Linux - Security 13 11-27-2007 11:12 AM
Ddos Mag|c Linux - Security 2 08-16-2003 09:41 PM
ddos attack ashis Linux - Security 1 06-14-2001 02:31 AM

All times are GMT -5. The time now is 02:14 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration