Types Of DDOS attacks
- Application level
- Network protocol
Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets
ICMP is the protocol behind the ping command.
A Smurf attack relies on attacking nodes sending forged (spoofed-source) ICMP requests so that the replies are directed at the target instead of the attacker.
SYN flood: abuses the 3-way TCP handshake
- client sends a SYN packet
- server replies with SYN+ACK and
- waits for the client's ACK to establish the connection, but the attacker never sends it, so the server is left holding half-open connections until they time out.
How the kernel handles these half-open connections can be tuned in Linux through sysctl.conf.
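As an added example (not from the original notes), here is a sysctl fragment that hardens the Linux TCP/IP stack against SYN floods and stops the host being used as a Smurf amplifier; it also covers the "harden Linux by tweaking sysctl" prevention item below. The file name is an assumption; the parameter names are standard Linux kernel keys.

```conf
# /etc/sysctl.d/60-synflood.conf  (added example; file name is an assumption)

# Answer SYN floods with SYN cookies once the backlog fills, instead of
# keeping per-connection half-open state that the attacker never completes
net.ipv4.tcp_syncookies = 1

# Room for more half-open connections before cookies engage
net.ipv4.tcp_max_syn_backlog = 4096

# Retransmit SYN+ACK fewer times (kernel default is 5) so that half-open
# entries from a flood expire sooner
net.ipv4.tcp_synack_retries = 2

# Do not answer ICMP echo requests sent to a broadcast address, which is
# what a Smurf attack relies on (already the default on most distributions)
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Drop packets whose source address is not routable back through the
# interface they arrived on; this discards many spoofed-source packets
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
```

Apply with `sudo sysctl --system` and confirm with `sysctl net.ipv4.tcp_syncookies`. SYN cookies protect the server's connection table; they do nothing against a flood large enough to saturate the link itself, which is where an upstream reverse proxy or scrubbing service comes in.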
How to Prevent DDOS Attack
- Check the server logs: the web server access log, the Linux auth log and the error logs
- Rate limit an IP, e.g. with Nginx rate limiting
- Ban IPs using Fail2ban
- Harden Linux by tweaking sysctl
- Use third-party services like Cloudflare as a reverse proxy in front of your server
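As an added example of the Nginx rate-limiting item above (not configuration from the original notes), this fragment limits each client address to a request rate and a number of concurrent connections. The zone names, the rate, the burst size and the upstream address are assumed values to be tuned for the site.

```nginx
# Added example; zone names, limits and upstream are assumptions
http {
    # Track clients by source address. 1 MB of shared memory holds roughly
    # 16k address states, so 10m covers about 160k distinct clients.
    limit_req_zone  $binary_remote_addr zone=perip:10m rate=10r/s;
    # Separate zone for concurrent connections per client
    limit_conn_zone $binary_remote_addr zone=connperip:10m;

    server {
        listen 80;

        # Return 429 instead of the default 503 so dashboards can tell
        # "client throttled" apart from "backend down"
        limit_req_status  429;
        limit_conn_status 429;

        location / {
            # Allow a short burst of 20 requests above 10r/s; nodelay serves
            # the burst immediately and rejects anything beyond it
            limit_req  zone=perip burst=20 nodelay;
            limit_conn connperip 20;
            proxy_pass http://127.0.0.1:8080;   # assumed upstream
        }
    }
}
```

One caveat when Cloudflare or another reverse proxy sits in front: `$binary_remote_addr` is then the proxy's address, so every client shares one bucket. Restore the real client address with the realip module (`set_real_ip_from` for the proxy's ranges and `real_ip_header CF-Connecting-IP;` for Cloudflare) before the limit zones are evaluated.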
How to Stop SSH brute force attacks
CRON[22610]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 24 04:09:01 -s-4vcpu-8gb-blr1-01 CRON[22610]: pam_unix(cron:session): session closed for user root
Apr 24 04:15:56 -s-4vcpu-8gb-blr1-01 sshd[23550]: Invalid user code from 190.128.131.102 port 33174
Apr 24 04:15:57 -s-4vcpu-8gb-blr1-01 sshd[23550]: Received disconnect from 190.128.131.102 port 33174:11: Bye Bye [preauth]
Apr 24 04:15:57 -s-4vcpu-8gb-blr1-01 sshd[23550]: Disconnected from invalid user code 190.128.131.102 port 33174 [preauth]
sshd[16993]: error: maximum authentication attempts exceeded for root from 87.241.1.186 port 54861 ssh2 [preauth]
Apr 24 03:19:05 -s-4vcpu-8gb-blr1-01 sshd[16993]: Disconnecting authenticating user root 87.241.1.186 port 54861: Too many authentication failures [preauth]
Apr 24 03:19:08 -s-4vcpu-8gb-blr1-01 sshd[16995]: error: maximum authentication attempts exceeded for root from 87.241.1.186 port 56491 ssh2 [preauth]
Apr 24 03:19:08 -s-4vcpu-8gb-blr1-01 sshd[16995]: Disconnecting authenticating user root 87.241.1.186 port 56491: Too many authentication failures [preauth
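The log excerpt above is the raw material fail2ban works from. As an added example (not a script from the original notes), the POSIX shell below counts sshd authentication failures per source IP and reports addresses over a threshold; the sample lines are constructed from the entries quoted above, so it runs offline.

```bash
#!/bin/sh
# Added example: count sshd authentication failures per source IP.
# SAMPLE_LOG is constructed from the auth.log lines quoted in the notes.
SAMPLE_LOG='Apr 24 04:09:01 -s-4vcpu-8gb-blr1-01 CRON[22610]: pam_unix(cron:session): session closed for user root
Apr 24 04:15:56 -s-4vcpu-8gb-blr1-01 sshd[23550]: Invalid user code from 190.128.131.102 port 33174
Apr 24 04:15:57 -s-4vcpu-8gb-blr1-01 sshd[23550]: Disconnected from invalid user code 190.128.131.102 port 33174 [preauth]
Apr 24 03:19:05 -s-4vcpu-8gb-blr1-01 sshd[16993]: error: maximum authentication attempts exceeded for root from 87.241.1.186 port 54861 ssh2 [preauth]
Apr 24 03:19:05 -s-4vcpu-8gb-blr1-01 sshd[16993]: Disconnecting authenticating user root 87.241.1.186 port 54861: Too many authentication failures [preauth]
Apr 24 03:19:08 -s-4vcpu-8gb-blr1-01 sshd[16995]: error: maximum authentication attempts exceeded for root from 87.241.1.186 port 56491 ssh2 [preauth]
Apr 24 03:19:08 -s-4vcpu-8gb-blr1-01 sshd[16995]: Disconnecting authenticating user root 87.241.1.186 port 56491: Too many authentication failures [preauth]'

# failures_by_ip: read auth.log lines on stdin, print "<count> <ip>" per
# source address, highest first. Only the two sshd failure messages are
# counted ("Invalid user" and "maximum authentication attempts exceeded");
# the follow-up "Disconnecting"/"Disconnected" lines for the same attempt
# are ignored so one attempt is never counted twice. CRON and other
# daemons are filtered out by the sshd[ prefix.
failures_by_ip() {
  grep 'sshd\[' | awk '
    /Invalid user .* from / || /maximum authentication attempts exceeded for .* from / {
      for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
    }
    END { for (ip in n) print n[ip], ip }' | sort -rn
}

# offenders_over: keep only addresses with more than $1 failures,
# printing the bare IP (the list a ban action would consume).
offenders_over() {
  awk -v max="$1" '$1 > max { print $2 }'
}

# Usage on a real host: failures_by_ip < /var/log/auth.log | offenders_over 5
printf '%s\n' "$SAMPLE_LOG" | failures_by_ip
printf '%s\n' "$SAMPLE_LOG" | failures_by_ip | offenders_over 1
```

On the sample, 87.241.1.186 is counted twice (two "maximum authentication attempts exceeded" lines) and 190.128.131.102 once, so only the first address passes a threshold of 1. Fail2ban's sshd jail applies the same idea with a time window (`findtime`) and a ban action; the script is useful for checking what a jail would have caught.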
- use SSH only through a private IP from your computer
- disable root login
- disable password login; only use public SSH keys
- change the port
- use fail2ban to ban IP addresses
- 2-factor authentication with Google reCAPTCHA
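As an added example (not configuration from the original notes), the sshd fragment below implements the list above: a private listen address, no root login, keys only, a non-default port and a low attempt limit. The listen address, port and file name are placeholder assumptions; the directive names are standard OpenSSH options.

```conf
# /etc/ssh/sshd_config.d/50-hardening.conf  (added example; path is an assumption)
# sshd does not accept trailing comments, so every comment is on its own line.

# Listen only on the private/VPN address (placeholder), never the public one
ListenAddress 10.0.0.5

# Non-default port: cuts log noise from scanners, but is not a control on its own
Port 2222

# Log in as a normal user and escalate with sudo
PermitRootLogin no

# Keys only: disable password and keyboard-interactive logins
# (on OpenSSH older than 8.7 the second directive is ChallengeResponseAuthentication)
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no

# The "maximum authentication attempts exceeded" lines above are sshd
# enforcing this limit; the default is 6
MaxAuthTries 3

# Seconds a client may sit unauthenticated before the connection is closed
LoginGraceTime 20
```

Check the syntax with `sudo sshd -t` before restarting, and keep an existing session open while you verify that key login on the new port works. With password login off, fail2ban and the failure counting above become second lines of defence rather than the primary one.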
DDoS Attacks
- Memcached DDoS Attack
- NTP Amplification Attack
- DNS Amplification Attack
- SSDP Attack
- Low and Slow Attack
- Application Layer Attack
- Layer 3 Attacks
- Cryptocurrency Attacks
- Ransom DDoS attack
- Smurf Attack (historic)
- Ping of Death (historic)
- ACK Flood Attack
- DNS Flood
- HTTP Flood
- Ping (ICMP) Flood Attack
- QUIC Flood Attack
- SYN Flood Attack
- UDP Flood Attack