John,
Several school districts in WA have also had problems with DDOS attacks.
The solutions have ranged from:
* Get a DDOS box that helps to manage and dump the traffic such as Forti
DDoS 900B, Cisco firewall with IPS, or run fail2ban on a linux server:
https://www.garron.me/en/go2linux/fail2ban-protect-web-server-http-dos-attack.html
or if you just need to protect a web server run mod_evasive:
https://www.linode.com/docs/websites/apache-tips-and-tricks/modevasive-on-apache
The problem with these solutions is that many DDOS attacks really
require you to work with your providers to block the attack upstream.
The better upstream providers will work with you to block the attacks.
cheers,
ski
On 03/23/2016 07:45 AM, john boris wrote:
Here at $WORK a few of our sites that use the same ISP have been targets
of DOS attacks at random times. Part of my department handles the
network to our sites and the ISPs answer has been to just change the
external IP. Which stems the tide for a bit but it will rear its head
again in a short time. The attacks continue for a time then stop then
start up again.
I have been searching the net on this topic but I have not found what I
am looking for. We are a fledgling group in this area (By way of
reorganization and decentralization) and as the Grey Beard of the group
I have taken it on the roll as the person looking for solutions.
What I am looking for is what people have done to try and stave off an
attack. I know it is a moving target but I am looking for tools that
help monitoring the traffic to alert us when the traffic gets to a
certain point, also best practices on setting up a good defense.
I have read a bunch of articles that tell me what to do but I would like
to see how its done.
Example:
1. Use this tool to monitor traffic
2. Setup the firewall this way to this if A happens , B if this IP etc.
If you want to talk offline on this it is fine. I just want to find a
better way than changing our Public IP for our ISP each time. That just
strikes me as changing my phoe number to stop crank calls.
Thanks in advance.
--
John J. Boris, Sr.
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
--
"When we try to pick out anything by itself, we find it
connected to the entire universe" John Muir
Chris "Ski" Kacoroski, kacoro...@gmail.com, 206-501-9803
or ski98033 on most IM services
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
