DDoS Question

[-KaaL-]

Hi Bob,

I have noted those settings and will do that incase of a DDoS Attack.

Also I have CSF installed on my server.
Here are the settings related to Connection Tracking..

Code:

CT_LIMIT  = 200
CT_INTERVAL = 30
CT_EMAIL_ALERT = 1
CT_PERMANENT = 0
CT_BLOCK_TIME = 1800
CT_SKIP_TIME_WAIT = 0
CT_STATES =
CT_PORTS =

[Bob.]

Quote:

Originally Posted by -KaaL-

Hi Bob,

I have noted those settings and will do that incase of a DDoS Attack.

Also I have CSF installed on my server.
Here are the settings related to Connection Tracking..

Code:

CT_LIMIT  = 200
CT_INTERVAL = 30
CT_EMAIL_ALERT = 1
CT_PERMANENT = 0
CT_BLOCK_TIME = 1800
CT_SKIP_TIME_WAIT = 0
CT_STATES =
CT_PORTS =

During an attack you'll want to lower CT_LIMIT down to around 100, but if you set it to anything lower than that you'll probably begin to see false positives. You can use the "netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr" command to help you fine tune the limit. I would also enable permanent bans by setting CT_PERMANENT to 1 and set CT_STATES to ESTABLISHED,NEW. If you wanted to 'loosen' things a bit when your not under attack I would raise CT_LIMIT back up to 200 and disable permanent banning (so if a legitimate user does happen to get picked off, they do not have to contact you to get the block lifted) - once again reducing the risk of false positives.

[grniyce]

CSF Settings:
- 125 every 15 seconds (make perm or make temp 3600 seconds)
- turn off syn flood protection in csf as LSWS settings above work better

[anewday]

10 is too high for dynamic req/s.

[grniyce]

I was told to setup the dynamic req/sec to (one for every 256mb of ram)? What would you suggest?

[anewday]

I set mine at 2 and no one on my forum ever complained of getting 503 error due to that.

[-KaaL-]

Till now server seems to be running smoothly.. thanx to all who replied.

Will installing mem_cache further strenthen the server or does LiteSpeed already have some inbuilt functions to take care of it ?