Network Security Issues

From Oxxus Wiki


For most-secure VPS servers take a look at our VPS hosting offer.

Network layer security issues - DDoS attacks

Although there is little you can do on the server itself once it is the target of a DDoS attack, you can at least confirm that an attack is in progress by looking at the traffic with tcpdump. If tcpdump isn't installed, install it with:

yum -y install tcpdump

Now, try this command:

tcpdump -i venet0 not port 22

That shows all traffic except port 22. Since you are watching the capture over SSH, including port 22 would only flood the output with the packets of your own session.

Most DDoS attacks use UDP (TCP SYN floods were more common earlier). You can view all UDP traffic with:

tcpdump -i venet0 udp

If your server is under a DDoS attack, you should see a large number of source IPs constantly sending packets to ports on which your server offers no service. You can then inform your provider (us in this case) so that we can confirm the attack and take steps to neutralize it.
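Rather than reading the raw capture by eye, the same check can be scripted. The following is an added example, not part of the wiki page: a POSIX shell function that reads tcpdump output on stdin and reports, for every source address, how many packets it sent and how many distinct destination ports it hit, which is exactly the pattern described above. It assumes the capture was taken with the -nn flag so that addresses and ports stay numeric; the function names and the sample lines are constructed here.

```shell
#!/bin/sh
# Added example (not from the Oxxus wiki): summarise a "tcpdump -nn" capture
# by source address so that a flood from many hosts to ports you do not serve
# stands out. Live use:  tcpdump -nn -i venet0 udp | top_udp_sources 100

top_udp_sources() {
    # Only sources that sent at least this many packets are reported (default 100).
    threshold="${1:-100}"
    awk -v thr="$threshold" '
        # Expected line shape (tcpdump -nn):
        # 12:00:01.000001 IP 203.0.113.5.40001 > 198.51.100.10.31337: UDP, length 1024
        $2 == "IP" && $4 == ">" {
            src = $3; sub(/\.[0-9]+$/, "", src)      # drop the source port
            dst = $5; sub(/:$/, "", dst)             # drop the trailing colon
            n = split(dst, part, ".")                # last element is the dest port
            dport = part[n]
            pkts[src]++
            if (!((src, dport) in seen)) { seen[src, dport] = 1; ports[src]++ }
        }
        END {
            for (s in pkts)
                if (pkts[s] >= thr)
                    printf "%s %d packets %d distinct ports\n", s, pkts[s], ports[s]
        }' | sort -k2,2 -n -r
}

sample_capture() {
    # Constructed sample lines in tcpdump -nn format; not a real capture.
    cat <<'EOF'
12:00:01.000001 IP 203.0.113.5.40001 > 198.51.100.10.31337: UDP, length 1024
12:00:01.000002 IP 203.0.113.5.40002 > 198.51.100.10.31338: UDP, length 1024
12:00:01.000003 IP 203.0.113.5.40003 > 198.51.100.10.31339: UDP, length 1024
12:00:01.000004 IP 203.0.113.7.40001 > 198.51.100.10.31337: UDP, length 1024
12:00:01.000005 IP 203.0.113.7.40002 > 198.51.100.10.31338: UDP, length 1024
12:00:01.000006 IP 192.0.2.9.53 > 198.51.100.10.51000: UDP, length 80
EOF
}

# Demo on the constructed sample: report every source with at least 2 packets.
sample_capture | top_udp_sources 2
```

On a real capture raise the threshold to the hundreds; a single DNS reply like the last sample line is normal, while dozens of hosts each hitting many random high ports is the flood signature the text describes.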

Bringing a firewall up

If you administer the server from a static IP or a small network, you can protect the box by opening only the ports that the public actually needs and blocking everything else; administrative access then comes only from your own addresses.

This is a sample script:

#!/bin/sh
# Sample firewall: open only what is needed and drop everything else.

iptables=/sbin/iptables

# Start from clean chains. The default policy stays ACCEPT and the final
# DROP rule does the blocking, so a later flush cannot lock you out.
$iptables -F

# Loopback traffic must always pass (matching on -d 127.0.0.0/8 is weaker).
$iptables -A INPUT -i lo -j ACCEPT

# Replies to connections the server opened itself (DNS, outbound HTTP, SMTP)
# and the rest of every accepted TCP session are matched by connection state.
# Matching "--syn --sport 80" instead would not admit those packets, and would
# let anyone in simply by using source port 80.
$iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Public services: HTTP and HTTPS.
$iptables -A INPUT -p tcp --syn --dport 80 -j ACCEPT
$iptables -A INPUT -p tcp --syn --dport 443 -j ACCEPT

# Trusted networks and hosts (replace with your own static addresses).
# SSH and every other service are reachable only from here.
$iptables -A INPUT -s 71.123.64.105/29 -j ACCEPT
$iptables -A INPUT -s 61.253.196.193/29 -j ACCEPT
$iptables -A INPUT -s 217.211.125.170 -j ACCEPT

# Everything else, including unsolicited UDP, is dropped.
$iptables -A INPUT -j DROP

It works by letting only the listed ports and source addresses through and dropping all other incoming traffic. Save the script as /etc/rc.firewall, run chmod +x /etc/rc.firewall, and add it at the end of /etc/rc.local so that it is applied again after a reboot. Before running it the first time, make sure the address you are connecting from is in the allowed list, otherwise your SSH session will be cut off together with everything else.

This script passes packets for TCP ports 80 and 443 from anywhere and allows full access to the server from the networks 71.123.64.105/29 and 61.253.196.193/29 and from the host 217.211.125.170; these addresses are only placeholders for your own.

If you need a more sophisticated firewall with more configuration options, have a look at APF (Advanced Policy Firewall).
