Block DDoS attacks

How do I block DDoS attacks in NethServer?
Help Me
Thanks
Rian from Indonesia

Hi,

some more information would help us.
Maybe this article helps you?

shorewall.conf directory no my server nethserver :frowning2:
please help me

@Hunv, I’m not sure and I can’t check it now, but I think that the blacklist option has been added by default.
@RianSuryaPra, shorewall is present in all NethServer systems.

To protect against DDoS, you need help from your Internet Service Provider.

@filippo_carletti
@Hunv

To keep more secure we want to make your own with NethServer fail2ban plugin.

AFAIK, fail2ban works out of the box.
I’ve limited experience with it, but positive.

fail2ban should work pretty much straight out the box and help protect against small DDOS attacks.

For larger DDOS attacks, @filippo_carletti is correct, you would need help from your ISP as it will get to the point where your connection cannot handle it and it will also negatively impact your ISP’s infrastructure, so it would be in their best interests to help with regards to preventing/mitigating DDOS attacks.

2 Likes

@Hunv
@bwdjames
@filippo_carletti
Oh okay, thanks for replying to my questions and answers that really helped me to DDoS attacks. I will try to contact my ISP so that could help me in that regard.

Thank you very much

Is it really a DDoS attack? Or only some annoying traffic from a Chinese server on the SSH port etc.? If it is really a large DDoS attack, you cannot cope with it on your own. The only way on your endpoint is powerful HW able to handle this amount of traffic (some multicore beast like MikroTik CCR1036 or better something more specialized with ASICs specially designed for this) and pray you will not run out of your link capacity as @bwdjames said.

What type of services are you running on your site? Maybe a transfer to some “cloud” platform may be better, and leave them to cope with DDoS and other stuff.

1 Like

There are some situations where firewalls just can’t cope with DDoS attacks. If you know the IP address and/or segment, you can route the traffic to nothing. Routing the DDoS attacks to nothing or “null” places less burden on your firewall. This would effectively route the offending traffic to a black hole, which will minimize your overall load and allow you to continue to use your network connection.

How Do I Drop or Block Attackers IP Address With Null Routes On a Linux?

The one advantage of this solution is that it doesn’t need any configuration on NethServer itself. A drawback is that you need to identify the offending IP and/or segment and manually perform the command at the console. Subsequent network restarts or computer reboots will remove the route to null.

That has an advantage and disadvantage:

The advantage is, if you make a mistake and add the null route to your own IP and/or segment you will lose all network connections, this would require you to locally remove the route or reboot your computer thus restoring what your configuration was earlier (before you started adding the null route).

The disadvantage is, in order to save the null route you will need to configure an execution template for your network and script the null traffic in every network restart and/or computer reboot. This isn’t quite a disadvantage, it’s a matter of digging into the Admin and support documentation provided by the NethServer team. There are plenty of examples in this forum and on the web if you Google around.

If you need additional assistance in what I’m referring to, I should be able to assist when/where I can.

I’m not aware of any scripts or apps that actively add “null” routes on potential DDoS attacks, everything I know has always been after the fact. Perhaps the Dev Team can implement and develop a new solution to do this automatically…?

4 Likes
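The safeguard the null-route post above calls for, as an added example that is not part of the original thread or NethServer's own code: it validates an IPv4 target and refuses any null route that would cover one of your own addresses before printing an iproute2 `ip route add blackhole` command. The `PROTECTED` list, all addresses (RFC 5737 documentation ranges) and the function names are constructed for illustration.

```shell
# Added example (hypothetical helper names): build null-route commands safely.
# Addresses that must never be null-routed (constructed: server, gateway, admin workstation).
PROTECTED="192.0.2.10 192.0.2.1 198.51.100.25"

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    case "$1" in
        */*) vc_ip=${1%/*}; vc_len=${1#*/} ;;
        *)   vc_ip=$1; vc_len=32 ;;
    esac
    case "$vc_len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$vc_len" -le 32 ] || return 1
    case "$vc_ip" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $vc_ip; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for vc_o in "$@"; do
        # Reject leading zeros (would be read as octal) and over-long octets.
        case "$vc_o" in 0?*|????*) return 1 ;; esac
        [ "$vc_o" -le 255 ] || return 1
    done
}

# Print the 32-bit integer value of a validated dotted-quad address.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if address $2 falls inside network $1 (a bare address counts as /32).
cidr_contains() {
    case "$1" in */*) cc_len=${1#*/} ;; *) cc_len=32 ;; esac
    cc_mask=$(( (4294967295 << (32 - cc_len)) & 4294967295 ))
    [ $(( $(ip_to_int "${1%/*}") & cc_mask )) -eq $(( $(ip_to_int "$2") & cc_mask )) ]
}

# Print the command that null-routes $1; fail if $1 is invalid or covers a protected address.
null_route_cmd() {
    valid_ipv4_cidr "$1" || { echo "invalid target: $1" >&2; return 2; }
    for nr_ip in $PROTECTED; do
        cidr_contains "$1" "$nr_ip" || continue
        echo "refusing $1: covers protected address $nr_ip" >&2; return 3
    done
    echo "ip route add blackhole $1"
}

# Dry run by default: print one command per argument; APPLY=1 (as root) executes them.
for target in "$@"; do
    cmd=$(null_route_cmd "$target") || continue
    if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
done
```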

Although I don’t think DDoS attacks are so common with our use cases, I would be proved wrong.
Thanks for your explanation, though.