Questions tagged [denial-of-service]

A denial-of-service attack is an attempt, through some means, to make a computer or network resource unavailable.

Some systems are susceptible to a simple "ping of death", where the amount of ping traffic is enough to disrupt their connectivity to the internet.

In more common scenarios, the available upstream bandwidth becomes saturated by repeated requests for a file on the target computer, or by large UDP packets.
When the attack comes from more than one source IP, it is known as a distributed denial-of-service attack, or DDoS.

169 questions
33 votes, 7 answers

How to best defend against a "slowloris" DOS attack against an Apache web server?

Recently a script called "slowloris" has gained attention. The basic concept of what slowloris does is not a new attack but given the recent attention I have seen a small increase in attacks against some of our Apache websites. At the moment there…
KPWINC
27 votes, 3 answers

Why are NginX and Lighttpd not affected by Slowloris?

I am investigating the vulnerability to Slowloris and I think I understand how and why this sort of attack works. What I don't understand is why Lighttpd and NginX are not affected (according to the same article as linked above). What do they make…
The Shurrican
22 votes, 3 answers

How do I block specific IPs and IP ranges in IIS7?

I'm trying to block various IP addresses from every site that I have hosted from a server running Windows 2008 and IIS7. I've found various information about how to do this using Deny rules from "IPv4 Address and Domain Name Deny Rules (IIS 7)" in…
fordareh
22 votes, 2 answers

Prioritise ssh logins (nice)

Is there a preferred way to set "nice" for sshd? I need priority given to sshd such that I can log in and easily fix stuff when something has gone wrong (e.g. DoS, badly behaved processes, etc.)
s29
18 votes, 5 answers

Any reason not to enable DoS Defense in my router?

I recently found a DoS Defense setting in my DrayTek Vigor 2830 router, which is disabled by default. I'm running a very small server on this network and I take it very seriously to have the server up and running 24/7. I'm a bit unsure if the DoS…
ThomasCle
10 votes, 8 answers

Servers harassed by individual on constantly changing IPs

We run a community product. There is an individual (a little PoS kid) in the UK that has been harassing our site for the last 6 months. His daily task is to create a new account, post a bunch of illegal / inflammatory content, get a rise out of people,…
Arronsky2
9 votes, 4 answers

Stopping a DOS attack

One of the sites I work with has recently started to get DoS'd. It started out at 30k RPS and now it's at 50k/min. The IPs are pretty much all unique, not in the same subnet, and are in multiple countries. They only request the main page. Any tips…
William
9 votes, 3 answers

What's the probable cause for extremely low inbound traffic and high outbound traffic?

Yesterday our Digital Ocean server encountered something that looked like an attack. The outbound traffic suddenly increased to 700Mbps, while the inbound traffic stayed at about 0.1Mbps, and didn't increase even once. The traffic lasted for several…
9 votes, 2 answers

Linux: prevent outgoing TCP flood

I run several hundred webservers behind load balancers, hosting many different sites with a plethora of applications (over which I have no control). About once every month, one of the sites gets hacked and a flood script is uploaded to attack some bank…
Willem
9 votes, 5 answers

What are the best techniques for preventing denial of service attacks?

Currently I have been using (D)DoS-Deflate to manage such situations on numerous remote servers, along with Apache JMeter for load testing. Overall it has been working fairly well, although I'd like to hear some suggestions from gurus who have been…
John T
8 votes, 2 answers

What does enable DoS protection in Synology DSM 5 do?

If I open Control Panel > Security > Protection, check Enable DoS Protection and click Apply, what kind of traffic gets blocked? The text reads "Denial-of-Service (DoS) protection helps to prevent malicious attacks over the internet." I cannot find…
tomsv
8 votes, 2 answers

Protecting against Keep-Dead Denial of service

I thought my server was safe with http-guardian but apparently not. Some smart arse keeps hitting my server with 'Keep-Dead' and causing it to crash. I've looked through the logs but can't see any way to tell the requests apart from a regular…
Stevie
8 votes, 2 answers

Detecting server abuse

Is there any standard way to prevent shared web servers from being abused? I run a CPanel box with a few people on it, and I get the occasional person that decides to use it to DoS other websites. My current 'detection' involves looking at Munin…
devicenull
7 votes, 4 answers

Is account lockout a denial of service attack waiting to happen?

The default behaviour of Windows is to lock out an account after a number of failed authentication attempts (usually three). This means that with the following net use \\targetmachine\c$ /user:targetaccount notthepassword net use \\targetmachine\c$…
Bruce McLeod
6 votes, 4 answers

How to stop an ICMP attack?

We are under a heavy ICMP flood attack. Tcpdump shows the result below. Although we have blocked ICMP with iptables tcpdump still prints ICMP packets. I've also attached iptables configuration and "top" result. Is there anything I can do to…
cumhur onat