Brute Force DDOS

Revision as of 16:42, 17 May 2014 by Hugh (Talk | contribs)

As well as hacking attacks on servers and infrastructure, a common approach to blocking users' access to content is to perform a Distributed Denial of Service (DDoS) attack. This is a very effective tactic if the attacker has access to either their own botnet infrastructure or the financial resources to pay for such an attack.

As DDoS attacks have become more common, the price of such attacks has plummeted, with many individuals offering them for as little as $10/day, depending on the target.

There are a number of mechanisms and tools available for DDoS mitigation depending on the type of hosting.

Shared Hosting

In this scenario, unless the provider offers DDoS mitigation services, it is best to seek the aid of an external group. Several groups provide free online services that offer complete DDoS protection for NGO, journalist, activist or civil society websites. The following groups provide completely free services.

Deflect.ca Is a free (and will always be free) open source, non-commercial system made for activists by activists. Signing up a site is straightforward: simply visit Deflect.

Deflect is sensitive to the special requirements of its users and can upon request securely destroy all logs.

CloudFlare This is a commercial system which also provides free services for civil society websites. As the service is commercial, users are subject to its terms and conditions. It is a large, successful provider with many commercial clients. It is in its best interest to provide a strong service, but free clients may not receive the same level of support as those who pay.

Project Shield Is Google's offering in the DDoS mitigation space. Again, it is backed by a large corporation with a great deal of resources at its disposal. For civil society websites its service is free. Project Shield is currently invite-only.

Dedicated/VPS Hosting

As above, all websites can benefit from the services of the above groups if they qualify for free protection. This is by far the simplest approach and places the workload with experienced professionals.

If, however, the user wishes to set up their own anti-DDoS system there are a number of open source tools that can help.

BotnetDBP Is a suite of tools that evolved from the original fail2ban to offer a range of functionality. The core elements are: a fast banning system, Banjax/Swabber, which plugs into the Apache Traffic Server (ATS) proxy; a machine learning tool, learn2ban, which can identify malicious botnet requesters based on pre-built models of attacks; and finally Challenger, which can respond to botnet, or suspected botnet, requests with either a JavaScript challenge or a captcha page to determine the legitimacy of the request.

More information can be found here

Open Source Deflect

Deflect itself can be deployed by individuals or groups to create their very own Deflect network. All that is required is to follow the Deflect DIY.

Fail2ban Is a regex-based banning tool that is extremely effective against DoS and brute force attacks. It is used in conjunction with iptables to ban the source addresses of requests that match its defined regular expressions. It can be found here. fail2ban's default configuration enables it to block attackers attempting to brute force username and password combinations against the SSH service. If a server's SSH port is exposed to the open internet, it is strongly advised that fail2ban or a similar tool be installed.

Against brute force password attacks fail2ban is an extremely useful tool. It can be set to ban IP addresses that repeatedly attempt to access certain website pages, such as the login or admin pages.
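The two fail2ban paragraphs above describe the same mechanism: a regex pulls a timestamp and a source address out of each log line, and an address that matches too many times inside a short window is handed to iptables for a temporary ban. The example below is added here to illustrate that logic and is not fail2ban's own code. It mirrors the three jail settings fail2ban documents (maxretry, findtime, bantime) with a per-IP sliding window, and applies it to both cases the page mentions: failed SSH passwords in a syslog-style auth log and repeated POSTs to a website login page in a combined access log. The regexes, log lines, addresses and the assumed year 2014 for the syslog timestamps are all constructed for the example; the iptables commands are recorded as strings rather than executed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Example code added to this page, not fail2ban's own source. The filters,
# log lines and addresses below are constructed for illustration.


class Filter:
    """A fail2ban-style filter: a regex that captures <ts> and <ip> from a log line."""

    def __init__(self, pattern, ts_format, ts_prefix=""):
        self.regex = re.compile(pattern)
        self.ts_format = ts_format
        self.ts_prefix = ts_prefix  # syslog lines carry no year; we prepend an assumed one

    def match(self, line):
        m = self.regex.match(line)
        if not m:
            return None
        ts = datetime.strptime(self.ts_prefix + m.group("ts"), self.ts_format)
        return m.group("ip"), ts


# Failed SSH password attempts in syslog format (year assumed to be 2014).
SSHD_FILTER = Filter(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)",
    "%Y %b %d %H:%M:%S",
    ts_prefix="2014 ",
)

# Repeated POSTs to a login page in an Apache/nginx combined access log.
LOGIN_PAGE_FILTER = Filter(
    r'^(?P<ip>\d+\.\d+\.\d+\.\d+) \S+ \S+ \[(?P<ts>[^ \]]+)[^\]]*\] "POST /wp-login\.php ',
    "%d/%b/%Y:%H:%M:%S",
)


class Jail:
    """Bans an IP after `maxretry` matches within `findtime` seconds, for `bantime` seconds."""

    def __init__(self, filt, maxretry=3, findtime=600, bantime=3600):
        self.filter = filt
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.failures = defaultdict(deque)  # ip -> timestamps of recent matches
        self.banned = {}                    # ip -> datetime the ban expires
        self.actions = []                   # the iptables commands fail2ban would run

    def feed(self, line):
        """Process one log line; return the IP if this line triggered a ban."""
        hit = self.filter.match(line)
        if hit is None:
            return None
        ip, now = hit
        # Lift bans whose bantime has elapsed (fail2ban's unban action).
        for old_ip, until in list(self.banned.items()):
            if until <= now:
                del self.banned[old_ip]
                self.actions.append(f"iptables -D INPUT -s {old_ip} -j DROP")
        if ip in self.banned:
            return None  # already blocked at the firewall
        window = self.failures[ip]
        window.append(now)
        # Discard matches older than findtime so only a burst of failures counts.
        while now - window[0] > self.findtime:
            window.popleft()
        if len(window) >= self.maxretry:
            self.banned[ip] = now + self.bantime
            window.clear()
            self.actions.append(f"iptables -I INPUT -s {ip} -j DROP")
            return ip
        return None


def run_jail(jail, lines):
    """Feed every line to the jail and return the IPs banned, in order."""
    return [ip for ip in (jail.feed(line) for line in lines) if ip]


# Constructed auth log: 198.51.100.7 fails three times in 11 seconds;
# 203.0.113.9 also fails three times, but spread over 16 minutes, so it is not banned.
SSHD_LOG = [
    "May 17 16:40:01 host sshd[2101]: Failed password for root from 198.51.100.7 port 40122 ssh2",
    "May 17 16:40:05 host sshd[2102]: Failed password for invalid user admin from 198.51.100.7 port 40123 ssh2",
    "May 17 16:40:09 host sshd[2103]: Accepted publickey for deploy from 203.0.113.5 port 51000 ssh2",
    "May 17 16:40:12 host sshd[2104]: Failed password for root from 198.51.100.7 port 40124 ssh2",
    "May 17 16:40:15 host sshd[2105]: Failed password for root from 203.0.113.9 port 52000 ssh2",
    "May 17 16:55:30 host sshd[2106]: Failed password for root from 203.0.113.9 port 52001 ssh2",
    "May 17 16:56:00 host sshd[2107]: Failed password for root from 203.0.113.9 port 52002 ssh2",
]

# Constructed access log: 192.0.2.10 hammers the login page; 192.0.2.20 posts once.
ACCESS_LOG = [
    '192.0.2.10 - - [17/May/2014:16:40:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1412',
    '192.0.2.20 - - [17/May/2014:16:40:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '192.0.2.10 - - [17/May/2014:16:40:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1412',
    '192.0.2.10 - - [17/May/2014:16:40:04 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [17/May/2014:16:40:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1412',
]

if __name__ == "__main__":
    ssh_jail = Jail(SSHD_FILTER)
    print("sshd bans:", run_jail(ssh_jail, SSHD_LOG))
    web_jail = Jail(LOGIN_PAGE_FILTER, maxretry=3, findtime=60)
    print("login-page bans:", run_jail(web_jail, ACCESS_LOG))
    for cmd in ssh_jail.actions + web_jail.actions:
        print(cmd)
```

The findtime window is what keeps the tool from punishing an ordinary user who mistypes a password a few times over an afternoon: 203.0.113.9 fails as often as 198.51.100.7 but never three times inside ten minutes, so it is left alone. For the login-page jail the thresholds are deliberately tighter, since a legitimate visitor rarely submits a login form more than a couple of times a minute. A real deployment would also want the ban expiry checked by a timer rather than only when the next matching line arrives, which is how fail2ban handles it.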