Mod_evasive – Prevent DDOS Attack

Posted: December 27th, 2011 | Author: | Filed under: apache, centos | redhat | fedora, config | No Comments »

Installing mod_evasive
mod_evasive is an evasive maneuvers module for Apache that takes evasive action in the event of an HTTP DoS, DDoS or brute-force attack. It is also designed to be a detection tool, and can easily be configured to talk to ipchains, firewalls, routers, etc.

-> Execute the following commands to install it:

#wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
#tar -xzvf mod_evasive_1.10.1.tar.gz
#cd mod_evasive
#/usr/sbin/apxs -cia mod_evasive20.c
#rm -rf /root/mod_evasive*

-> Test to make sure it was loaded:
#grep -i evasive /etc/httpd/conf/httpd.conf

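Next, edit /etc/httpd/conf/httpd.conf and uncomment (remove the # in front of each line) the following. The module was compiled from mod_evasive20.c above, so the IfModule test has to name mod_evasive20.c; with mod_evasive.c the test does not match and Apache skips the directives.

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
</IfModule>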

-> Restart Apache by executing the command

#/etc/init.d/httpd restart

Info
----

  • DOSHashTableSize: the size of the table of URL and IP combined.
  • DOSPageCount: the number of requests for the same page from the same IP during an interval that will cause that IP to be added to the block list.
  • DOSSiteCount: the number of pages requested from a site by the same IP during an interval that will cause the IP to be added to the block list.
  • DOSPageInterval: the interval after which the hash table for IPs and URLs is erased (in seconds).
  • DOSSiteInterval: the interval after which the hash table of IPs is erased (in seconds).
  • DOSBlockingPeriod: the time the IP stays blocked (in seconds).
  • DOSEmailNotify: can be used to send an email notification every time an IP is blocked.
  • DOSSystemCommand: the command to execute when an IP is blocked. It can be used to block the user at a firewall or router.
  • DOSWhiteList: can be used to whitelist IPs such as 127.0.0.1.

Although mod_dosevasive can be quite effective in some cases, in others it can cause more problems by blocking non-offending IPs. It is suggested you take a look at a hardware solution if you.
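The following is an added example, not code from this post or from the mod_evasive source: a small Python model of the thresholds in the Info list, run with the values from the configuration block above, showing how users who share one address can trip DOSPageCount and how DOSWhiteList avoids that. The class and function names, the fixed-window counting and the sample address 203.0.113.10 are assumptions made for illustration.

```python
# Values from the <IfModule> block on this page.
CONFIG = {"DOSPageCount": 5, "DOSSiteCount": 100, "DOSPageInterval": 2,
          "DOSSiteInterval": 2, "DOSBlockingPeriod": 600}

class EvasiveModel:
    """Simplified model of the thresholds (assumption, not the module's code)."""
    def __init__(self, cfg=CONFIG, whitelist=()):
        self.cfg = cfg
        self.whitelist = set(whitelist)   # models DOSWhiteList
        self.page = {}                    # (ip, uri) -> (window_start, count)
        self.site = {}                    # ip -> (window_start, count)
        self.blocked_until = {}           # ip -> time the block expires

    @staticmethod
    def _hit(table, key, now, interval, limit):
        """Count one hit; assumption: the window restarts once `interval` has passed."""
        start, count = table.get(key, (now, 0))
        if now - start >= interval:
            start, count = now, 0
        table[key] = (start, count + 1)
        return count + 1 > limit

    def request(self, ip, uri, now):
        """Return the status this model answers with: 200 or 403."""
        if ip in self.whitelist:
            return 200
        if self.blocked_until.get(ip, 0) > now:
            return 403
        c = self.cfg
        over_page = self._hit(self.page, (ip, uri), now, c["DOSPageInterval"], c["DOSPageCount"])
        over_site = self._hit(self.site, ip, now, c["DOSSiteInterval"], c["DOSSiteCount"])
        if over_page or over_site:
            self.blocked_until[ip] = now + c["DOSBlockingPeriod"]
            return 403
        return 200

def nat_scenario(whitelist=()):
    """Constructed case: six users behind one NAT address open /login in the same second."""
    m = EvasiveModel(whitelist=whitelist)
    nat_ip = "203.0.113.10"               # constructed documentation address
    burst = [m.request(nat_ip, "/login", now=0.5) for _ in range(6)]
    later = m.request(nat_ip, "/index.html", now=300)   # a different page, minutes later
    after = m.request(nat_ip, "/index.html", now=601)   # past DOSBlockingPeriod
    return burst, later, after

if __name__ == "__main__":
    print(nat_scenario())
```

In this model the sixth request from the shared address is refused, and every user behind it stays locked out of the whole site for the 600-second blocking period unless the address is whitelisted.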

 

Source : http://www.zdziarski.com/blog/?page_id=442

Source : http://sabarish4u.wordpress.com/2008/11/21/157/


Guide to calculate SUBNET and BROADCAST address

Posted: December 15th, 2011 | Author: | Filed under: general | No Comments »

Refer : http://www.shunsoft.net/ipcalc/help/index.html


Install and configure SNMP on CentOS

Posted: November 24th, 2011 | Author: | Filed under: centos | redhat | fedora | No Comments »

This guide describes how to install SNMP and do a basic configuration on Red Hat Enterprise Linux or CentOS.

1. Installation

Run the command yum install net-snmp-utils:

[root@dull etc]# yum install net-snmp-utils

2. Configure

Do a backup of the snmpd config file.

[root@dull ~]# mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.old

Create a new config file containing the lines listed below.

[root@dull ~]# vi /etc/snmp/snmpd.conf

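  • rocommunity  public
  • syslocation  "PDC, Peters DataCenter"
  • syscontact  [email protected]

Note that rocommunity public, with no source given, answers read requests from any address that can reach the agent using the well-known default community string; rocommunity takes an optional source after the community name (for example 127.0.0.1) to restrict that.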

Start the snmpd service

[root@dull ~]# /etc/init.d/snmpd start

Do a snmpwalk to make sure it is working

[root@dull ~]# snmpwalk -v 1 -c public -O e 127.0.0.1

SNMPv2-MIB::sysDescr.0 = STRING: Linux dull 2.6.18-92.1.17.el5 #1 SMP Tue Nov 4 13:45:01 EST 2008 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (16748) 0:02:47.48
SNMPv2-MIB::sysContact.0 = STRING: [email protected]
SNMPv2-MIB::sysName.0 = STRING: dull
SNMPv2-MIB::sysLocation.0 = STRING: “PDC, Peters DataCentral”
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01

Yes, it is working

And finally, make sure snmpd starts next time you restart your machine.

[root@dull ~]# chkconfig snmpd on
