---

Help-Net Security: Start your day with a cup of DoS

[ Thanks to LogError for this link.
]

“…With linux in specific, a number of things can be done
to protect your server from a DoS attack. Use firewalling, filter
all incoming TCP, UDP, PING traffic. Packet filtering sometimes can
be your best defense against a DoS.
If you’re running the
2.2.x kernel series get acquainted with ‘ipchains’ by reading some
material on it, perhaps ‘man ipchains’ for starters, more info can
be found in any ipchains HOWTO, and one of them is located here. On
the other hand, if you’re running the 2.4.x series, you’ll probably
want to use ‘iptables’. But, before you implement it, be sure to
get the latest patch for the recently discovered vulnerabiltiy in
iptables. More info on iptables can be found here and if you’d like
to know more about the vulnerability feel free to read it.”

“On the other hand, again, by disabling all unnecessary services
you achive some bonus time for your server. A succesfull DoS is
only telling you that you need to secure your servers better.”

“Running a firewall, third party supplied, is also a good idea,
as it is time saving. You could create your own and rely on it but
I think of it as a bad idea, as there are more qualified people and
companies devoted to making firewalls.”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis