This is a simple guide, originally written by eth0. Using these few techniques, your server will attempt to stop DoS attacks (by distinguishing some legitimate connections from those that are supposed to be malicious), harden the resolv.conf file (to stop spoof DoS attacks) and fix the hosts file (removing unwanted entries).
Distinguishing those DoS attacks
In an attempt to stop DoS attacks, you can enable tcp_syncookies, which will allow the server to distinguish some legitimate connections from those that are meant to be malicious. For a further explanation on tcp_syncookies, click here.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Hardening resolv.conf
You should also change resolv.conf to make sure no spoof DoS attacks can be sent from your server, to your server.
nano -w /etc/resolv.conf
Typically, your resolv.conf file could look like this:
nameserver xx.xxx.xxx.xxx
search xxxxx.com
If you see anything like the below, you need to remove the line which has the IP 127.0.0.1 in it.
nameserver 127.0.0.1
search xxxxx.com
What you need to do is make sure that you have at least your server's IP address at the top of the file. This means it will query your server. It works just like 127.0.0.1; however, that IP address causes problems locally. So you could end up with something like this:
nameserver your.ip.address.here
Once you have done that, save the file.
Removing additional hosts entries
In this file, only 2 lines should be listed (after the comments, if any). They should look something like this:
127.0.0.1 localhost.localdomain localhost
xxx.xx.xxx.xx host.mydomain.com host
If it does look like this (ignore formatting such as tabs, etc.), then the hosts file is correct. If it does not, make sure you add a local domain with the IP address 127.0.0.1 and then your server's IP address with its host name. If you have any more entries in that file, you can remove them.
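To check all three settings from this guide in one pass, the following script is an added example, not part of the original guide. The function names and the --live switch are assumptions made for this example; each check accepts a file path so it can be run against a copy of the file.

```shell
#!/bin/sh
# Added audit example; not part of the original guide.
# Each check takes an optional file path so it can be run on a copy.

# 0 = SYN cookies enabled, 1 = disabled, 2 = file not readable
check_syncookies() {
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    [ -r "$f" ] || return 2
    case "$(cat "$f")" in
        1|2) return 0 ;;   # 1 = used when the SYN queue overflows, 2 = always
        *)   return 1 ;;
    esac
}

# 0 = fine, 1 = a nameserver line points at 127.0.0.1,
# 2 = no valid "nameserver" line at all (for example a misspelled keyword)
check_resolv() {
    f="${1:-/etc/resolv.conf}"
    awk '$1 == "nameserver" { n++; if ($2 == "127.0.0.1") bad++ }
         END { if (bad) exit 1; if (!n) exit 2; exit 0 }' "$f"
}

# 0 = exactly two entries, one of them 127.0.0.1 with the name localhost
# 1 = anything else (this follows the two-line layout the guide asks for)
check_hosts() {
    f="${1:-/etc/hosts}"
    awk '{ sub(/#.*/, "") }      # drop comments
         NF == 0 { next }        # skip blank lines
         { n++ }
         $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == "localhost") lo = 1 }
         END { exit !(n == 2 && lo) }' "$f"
}

# Run all three checks against the live files and summarise.
audit_report() {
    rc=0
    check_syncookies || { echo "FAIL: tcp_syncookies is not enabled"; rc=1; }
    check_resolv     || { echo "FAIL: resolv.conf lists 127.0.0.1 or has no nameserver line"; rc=1; }
    check_hosts      || { echo "FAIL: hosts file is not the two-entry layout"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all three settings match the guide"
    return "$rc"
}

# Only touch the live system when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_report; fi
```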
Posted by Steven Sullivan on 10th October, 2006 - 10:17:48 GMT