Thursday, 9 August 2012

HOW TO PREVENT DOS ATTACK USING CSF FIREWALL

HOW TO PREVENT DOS ATTACK USING CSF FIREWALL

What is a DOS Attack ?
DOS (Denial Of Service) attack means getting a flood of request from an IP address to a service ( like apache ) running in your server, so that the service becomes down or making the service unavailable to other (real) user who needs to use the service . The hackers often make DOS attack to the apache web-server ( running in port 80 ), to make the webserver down.

How to prevent DOS Attack to apache using CSF firewall ?
CSF is iptables based firewall. It is a effective one and used in most Linux servers.
Using CSF firewall you can eliminate DOS attack to apache in a easy way, by using the following steps :

Step 1 : Open the CSF configuration file /etc/csf/csf.conf

Step 2 : In that, search for option called CT_LIMIT, by default it will be like CT_LIMIT=0 , change this to CT_LIMIT=60 , here 60 is the max no.of connections from an IP to your server ( choose this value according to your server usage )

Step 3 : Now search for option called CT_PORTS.This option is used to specify the port for which you want to prevent DOS attack.Since our aim is to prevent the DOS attack to apache – port 80 , change CT_PORTS = “” to CT_PORTS = “80″

After completing the above steps, whenever the server have 60 established connections from an IP address to apache, it is considered as a DOS attack and that IP address is blocked in firewall.

Note: In CT_PORTS you can specify the ports to be prevented for DOS attack, that is if want to prevent DOS attack to mail server then specify CT_PORTS=”25″. You can specify any number of ports in a comma separated format, like CT_PORTS=”80,25,110″

If CSF is not installed then use the following steps to install CSF.
==================================================

1) Steps to install CSF firewall on your Centos Linux Server
====

Step 1:
Make sure perl modules are installed.
yum install -y perl-libwww-perl

Step 2:
Download, unpack the tar file.
Download from the link :  http://www.configserver.com/cp/csf.html


Commands to be used:
cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
tar -zxvf csf.tgz
cd csf
./install.sh

Step 3:
Edit the configuration with your favorite editor, in this case I used vi:
vi /etc/csf/csf.conf 
Edit the value from: 
TESTING = "1"
to => TESTING = "0"
 
Step 4: Restart the service:
/etc/init.d/csf restart
 
Kool csf installed 

No comments:

Post a comment

Note: only a member of this blog may post a comment.