DDoS Attack Protection

CRServers · June 8, 2011, 12:26pm

Our Interworx server had a DDoS attack last week.

We finally stopped it by blocking a bunch of IP’s and networks.
The techs that helped us installed a script called (D)DoS Deflate which supposedly helps to mitigate the attacks to some extent.

Now we are wondering if there are other measures that we can take to protect our server from experiencing such attacks again.

I searched the forum and found a thread about Mod_dosevasive and that Interworx had an experimental version (http://forums.interworx.com/showthread.php?p=2562#post2562). But this is a really old thread so I wonder if there is something better, or if Interworx is still working on this.

There is also mod_evasive. Does Interworx use that mod?

Has anybody else had this type of problems before?

What other measures would you suggest?

Thanks,

Rodrigo

CRServers · June 10, 2011, 10:01am

No replies??
Not even from Interworx staff?
… I wonder if this is a dumb question :rolleyes:

IWorx-Robert · June 10, 2011, 10:11am

Took me some time to look into this one, I’ve got to admit.

There’s an awful lot of data out there on the Internet about DDOS mitigation techniques, but probably the most comprehensive and well-thought-out solutions are presented by the SANS Internet Storm Center, who deal with things like this on a daily basis.

In point of fact, there’s a paper in their Reading Room section about all sorts of denial-of-service mitigation mechanisms and prevention systems. Worth a look-through at least, but there’s nothing I can think of specific to InterWorx itself. I’ll give a poke to the more experienced guys around here and see if we come up with something.

CRServers · June 10, 2011, 10:19am

Hi Robert,

Thanks for your answer.

Specifically I’m wondering about mod_evasive, mod_dosevasive (see previous post) and DDoS Deflate script.
If these, or any other software alternatives, can be implemented in an Interworx server.

I will read the links provided by you.

Regards,

CRServers · June 10, 2011, 10:24am

[QUOTE=IWorx-Robert;18079]
In point of fact, there’s a paper in their Reading Room section [/QUOTE]

That link does not work

IWorx-Robert · June 10, 2011, 10:27am

Really? Interesting. Here, I’ll attach the paper here, then.

summary-dos-ddos-prevention-monitoring-mitigation-techniques-service-provider-enviro_1212.pdf (485 KB)

IWorx-Robert · June 10, 2011, 1:27pm

By the way, both mod-evasive and mod-dosevasive are just fine on an iworx install. Neither cause any problems, in case anyone was wondering.