How can I block DDoS attacks using Juggernaut Firewall?

Juggernaut Firewall can block limited types of DDoS attacks on your server.

To Block Too Many Connections

Enable the tracking of all connections from IP addresses to the server. If the total number of connections is greater than this option then the offending IP address is blocked. This can help stop some types of DOS attack. To disable this option set to 0. Warning: Do not set this number too low. A recommended setting would be around 250-400.

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Tracking Settings -> Connection Tracking
  2. Set the Connection tracking limit to something like 250-400. If you want to limit connection tracking to specific ports (e.g. so FTP connections are not counted) then fill in the ports 80,443 under Connection tracking ports.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

To Block Distributed Attacks

Enable the tracking of login failures from distributed IP addresses to a specific application account. If the number of failures matches the application trigger then all of the IP addresses involved in the attack will be blocked. Tracking applies to LF_SSHD, LF_FTPD, LF_SMTPAUTH, LF_POP3D, LF_IMAPD, LF_HTACCESS.

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Tracking Settings -> Distributed Attack Tracking
  2. Check the Distributed Attack Tracking option to enable it.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

To Block Networks that Attack you Repeatedly

Permanently block IPs by network class. Permanently block classes of IP address where individual IP addresses within the same class LF_NETBLOCK_CLASS have already been blocked more than LF_NETBLOCK_COUNT times in the last LF_NETBLOCK_INTERVAL seconds. This can help blocking DDOS attacks launched from within the same network class.

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Netblock Settings
  2. Check the Netblock blocking option to enable it.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

To Block SYN Flood and UDP Food Attacks 

Enable SYN Flood Protection (This should only be enabled during the attack as leaving these on will slow down the server). This option configures iptables to offer some protection from tcp SYN packet DOS attempts. This option will slow down all new connections from any IP address to the server if triggered so it should only be enabled if you are under a SYN flood attack.

Enable outgoing UDP Flood Protection. This option limits outbound UDP packet floods. These usually are from from exploit scripts uploaded through vulnerable web scripts. If you use services that utilize high levels of UDP outbound traffic, such as SNMP you will need to adjust UDPFLOOD_LIMIT and UDPFLOOD_BURST options accordingly.

  1. Navigate to Juggernaut Firewall -> Settings -> Firewall -> Port Flood Settings
  2. Check the SYN flood and UDP flood protection check boxes to enable them (these should be disabled after the attack is over).
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

  • ddos
  • 2 Utilizadores acharam útil
Esta resposta foi útil?

Artigos Relacionados

How can I raise the open file limit for the login failure daemon?

The login failure daemon can crash if you are monitoring a lot of domains in Plesk and are...

How can I test to make sure that the OS has all the required kernel modules required for Juggernaut Firewall?

Test from the Juggernaut Extension You can run the firewall test by going to Juggernaut Firewall...

How can I adjust the attack triggers used by the login failure daemon?

To Adjust Login Failure Triggers Navigate to Juggernaut Firewall -> Settings -> Login...

Where are the configuration files for Juggernaut Firewall located?

Configuration files are located in the /etc/csf/ directory with the main firewall configuration...

How can I use Juggernaut Firewall to monitor a list of directories?

Enter the Directories You Want To Monitor Navigate to Juggernaut Firewall -> Settings ->...