Anti DDOS Mitigation using CSF firewall

DDOS mitigation using csf firewall can help you to against low / mid level DOS and DDOS attacks on your Linux firewall. CSF is a complete security suite for Linux and cPanel servers, and can help you to deal with small attacks. Let’s learn more about DDOS mitigation configuration using CSF firewall on CentOS Linux.

Denial of Service (DOS) and Distributed Denial of Service (DDOS) attacks one of the most common things in the Internet. They are out there, attacking thousand of servers world wide each hour.

The purpose of DOS and DDOS is simple: take your server down, overload it, flood it with requests until your server gets offline.

Where do this DDOS attacks come from?

DDOS attacks come from multiple computers, 99% of the times, are infected zombie computers or electronic devices like security cameras and other home-connected electronics that you often don’t think that may be associated with internet attacks. Once the attacker hacks and controls the device, it can launch a coordinated attack against any host.

What’s the difference between DOS and DDOS?

The difference is simple, DOS is an attack launched from one single network. DOS are usually easy to block once you found the origin of the attack, you simply block it with your CSF firewall installation and that’s all.

When you have a DDOS against your server, it will come from multiple locations, usually hundred or thousand different locations from around the world.

Can DDOS be prevented?

There is no practical way to actually prevent Dos / DDoS attacks, because your server is connected to the internet. When you are connected to the internet, even with a simple local PC computer you are exposed to remote attacks. The only thing you can do is to mittigate its effects.

When you are under ddos and trying to mitigate the attack, the server will not respond normally, it will get slower than usual, it can often appear down temporary while the attack is decreasing. On large-volume attacks your provider can even null-route the server IP address to avoid from overload their entire network.

Can CSF firewall help me to stop only small / medium attacks? Why not large attacks?

Beacuse of the way DDOS works. For very large and distributed attacks, you must use a dedicated firewall, or an specialized antiddos shield that works on network level inside the datacenter where you are hosted, or you can use 3rd party anti-ddos services like Cloudflare, Incapsula or Level3 AntiDDOS services.

Unlike your single dedicated server, this 3rd party antiddos services have a huge network with hundred / thousand of servers, with Tbps of bandwidth, they can literally mitigate any kind of DDOS attack.

How can I enable the anti DDOS mitigation using csf firewall?

There are a few directives that can be enabled in order to protect you against DDOS using CSF.
This two options are called PORTFLOOD and SYNFLOOD.

SYNFLOOD DDOS Protection

SYNFLOOD protection on CSF is disabled by default, if you are 100% sure you are getting synflooded you can enable it with some strict rules, for example:

SYNFLOOD = "1"
SYNFLOOD_RATE = "50/s"
SYNFLOOD_BURST = "10"

This synflood protection will act if there are 50 connections from a single IP / sec for over 10 times. If it match those rules, then the IP will be blocked.  This must not be too strict, otherwise you will be blocking legitimate connections.

PORTFLOOD Protection

PORTFLOOD = "80;tcp;100;5"

This portflood protection will specify that If an IP address makes 100 connections in 5 seconds against HTTP port 80, then it will be automatically blocked.

Block countries against DDOS

If you find that you are getting attacked from just a few specific countries where you don’t have any internet traffic, then you can block this countries from your firewall. This can be done by using the “CC_DENY” variable, for example, if you want to block China you can use this:

CC_DENY = "CN,IN"

That way you can block an entire country or multiple countries if you need.

Conclusion

This are two settings that can be configured to mitigate small attacks on CSF firewall, however don’t think it will solve medium / large attacks, for those as we said before, you will need enterprise focused solutions.

DDOS attacks are the worst internet monsters, fortunately DDOS mitigation using csf firewall can help you if attacks are small.

About the Author: Martin Keler

Leave a Reply

Your email address will not be published. Required fields are marked *