Questions tagged [denial-of-service]

A denial-of-service attack is an attempt, through some means, to make a computer or network resource unavailable.

Some systems are susceptible to a simple "ping of death", where the amount of ping traffic is enough to disrupt their connectivity to the internet.

In more common scenarios, the amount of available upstream bandwidth becomes saturated by repeated requests for a file on the target computer, or by large UDP packets.
When the attack comes from more than one source IP, it is known as a distributed denial of service attack, or DDoS.

167 questions
0 votes
1 answer

Fail2ban fails to ban (dos attack)

I want to use fail2ban for protecting my server. The http server is a script node that I succeeded at formatting the logs like following: 2017-03-18 18:03:32.940 [ INFO ] - ::ffff:192.168.1.56 GET / The interesting part of jail.conf…
rsabir
0 votes
1 answer

nginx rate limit based on location & header of post

Nginx has this useful module called ngx_http_limit_req_module where you can limit requests to the server based on IP or number of requests. Is it at all possible to rate limit the location that includes the custom header? e.g. I tried this but it…
hookenz
0 votes
1 answer

Protect Apache Against DOS

I'm using right the mod_evasive of Apache so I can reduce the probability of DOS. The problem that I had is that the application behind the reverse proxy (which is our server apache) is very weak and is developed so that one page loads 200 files…
rsabir
0 votes
1 answer

How to mitigate DOS attack on Heroku

I am hosting one of the projects on Heroku Standard 2x dynos plan. Everything was working alright until recently I started to get notifications from our uptime checker that website is down. After closer investigation of logs I noticed that most of…
Giedrius
0 votes
1 answer

AWS Load Balancer with mod_evasive apache

I have set up mod_evasive and mod_remoteip to change the proxy headers from the load balancer's to the client's actual IP. But I am running into problems when using mod evasive. At the moment, my configuration for mod evasive is: DOSHashTableSize…
0 votes
1 answer

Received an email about abuse on our public dns server

We have several virtual machines on a public network due to the ip addresses being public. We received the following email today: We have received the following complaint for xxx.xxx.xxx.xxx. Please investigate, take any necessary actions, and…
0 votes
1 answer

Network interface fails to come up under heavy traffic

We're investigating an issue with our kit, which is an IP camera running Busybox Linux on a Ti-Davinci SoC. On one particular site there is a lot of network traffic (over which we do not have control) with one system spamming out broadcast packets…
John U
0 votes
1 answer

How does CT_LIMIT (the csf firewall setting) work?

I've been wondering if the csf firewall counts the connections for the last CT_INTERVAL seconds and then compares them to the CT_LIMIT value, or it just counts the current (at the moment) connections and then compares them to CT_LIMIT? Because, if…
Shumoapp
0 votes
2 answers

Large request body DoS attacks - is this really much of a concern?

Can anyone explain why limiting the maximum request body size is useful for preventing DoS attacks? ModSecurity defaults to 1MB for example with SecRequestBodyNoFilesLimit. I guess I'm wondering why this matters that much since I thought usually…
sa289
0 votes
2 answers

Should I expect reception of packets in hping3 --flood?

I'm testing a newly purchased VPS for DDoS vulnerability using hping3. If I do not use --flood, everything goes fine and I see close to 0% packet loss every time. But if I do use --flood, then the packet loss is always 100%. Is this normal? I think…
anukul
0 votes
1 answer

Mod_evasive not blocking a DOS attack using HEAD requests

Using Apache/2.2.15 on RHEL6 with mod_evasive config: DOSHashTableSize 3097 DOSPageCount 14 DOSPageInterval 2 DOSSiteCount 70 DOSSiteInterval 1 DOSBlockingPeriod 60 Unfortunately it didn't block this attack, which only…
steve0
0 votes
1 answer

How can I tell if a cisco router is dropping pings due to DOS suspicion or if it's experiencing packet loss?

We use a PRTG server that's connected to a cisco 6500, which feeds a large network of about 1200 switches and radios in a router-on-a-stick topology. In PRTG I'm able to set a 'ping burst' sensor on a device, and I can set the ping size, count,…
demiAdmin
0 votes
1 answer

Mitigate DDoS on Windows box

I would love to know if you know some way to mitigate DDoS/DoS attacks on Windows. In Linux we can mitigate using the IPTables Almighty, but I wonder if there is something like that in Windows. I am talking about pure Window Protection, No Cloud…
0 votes
1 answer

Abort any POST VERB operation in IIS

My site is getting DOS attack with POST VERB, my site is a static site and I am trying to stop any POST action on the home page. I had the URL Rewrite installed on my server, so I am trying to write rule to abort POST on homepage, but it is not…
Tippu
0 votes
5 answers

MSSQL 2005 on port 1433 gets DOS from infected servers

I have a SQL Server 2005 server hosted outside my firewall at a data center. It is fully up-to-date on patches, etc. There's some old MSSQL worm (Slammer?) that STILL infects thousands of servers worldwide, and they hunt for servers to infect. When…
richardtallent