Server attacks (mainly floods)
Hi, does anyone know anything about UDP floods, SYN floods, or Smurf attacks? I have already researched them a little. My server has been being hacked, or at least attempted to be hacked, and the router mainly caught these 3 attacks. However, today someone got in through the FTP and was spoofing their IP to make it look like it was coming from my network. We have already taken the FTP down and closed the port; the only port open right now is 80, and we are hosting a site that needs to be up. Anyone have any tips or further information to help me prevent this?
What type of Operating System do you use? If you want to block SYN floods, you can use SYN cookies. (yum cookies :) )
SYN floods happen by using the three-way handshake, where the attacker sends SYN messages but does not send the ACK part back to the server (which means that the attacker has established a connection to the server).
Alternatively, the attacker can do an IP spoof, which ends up with the server never receiving the ACK packet, and it ends up waiting until the server crashes.
For UDP, I read that by deploying a firewall, you can pretty much stop that kind of attack.
For Smurf attacks, you can configure individual hosts and routers not to respond to ping requests to broadcast addresses and configure routers not to forward packets directed to broadcast addresses. Until 1999, standards required routers to forward such packets by default, but in that year, the standard was changed to require the default to be not to forward.[3]
Another proposed solution, to fix this as well as other problems, is network ingress filtering, which rejects the attacking packets on the basis of the forged source address.
But I honestly don't know; the little blue dudes look adorable on TV.
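To make the SYN-cookie suggestion in the reply above concrete, here is an added worked example (not from anyone in this thread, and a simplified model rather than any real kernel's implementation). It assumes a constructed secret and MSS table, and shows why a flood of SYNs from spoofed sources costs the server no half-open state: the server's initial sequence number is itself an HMAC-protected cookie over the 4-tuple and a coarse timestamp, and a connection is only allocated when an ACK arrives that decodes correctly.

```python
import hashlib
import hmac

# Constructed example of the SYN-cookie idea: the server's initial sequence
# number (ISN) encodes a coarse timestamp and the client's MSS, protected by an
# HMAC over the connection 4-tuple. The server stores nothing per SYN and only
# allocates a connection when a matching ACK proves a real handshake.
MSS_TABLE = [536, 1220, 1440, 1460]          # MSS values encodable in the cookie
COOKIE_SECRET = b"constructed-secret-rotate-periodically"  # constructed, not a real key
TICK_SECONDS = 64                             # one timestamp tick per 64 s


def _tick(now):
    return (int(now) // TICK_SECONDS) & 0xFF


def _mac(src_ip, src_port, dst_ip, dst_port, tick):
    # 24-bit keyed hash over the 4-tuple and the tick the cookie was minted in
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{tick}".encode()
    return int.from_bytes(hmac.new(COOKIE_SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src_ip, src_port, dst_ip, dst_port, client_mss, now):
    """ISN to put in the SYN-ACK; nothing is stored on the server for this SYN."""
    tick = _tick(now)
    # largest table entry not exceeding what the client offered
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    low24 = (_mac(src_ip, src_port, dst_ip, dst_port, tick) + mss_idx) & 0xFFFFFF
    return (tick << 24) | low24


def check_cookie(src_ip, src_port, dst_ip, dst_port, ack_num, now, max_age_ticks=1):
    """On a bare ACK, recover the cookie from ack_num-1 and validate it.
    Returns the negotiated MSS, or None if the ACK does not prove a handshake."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    tick = cookie >> 24
    if ((_tick(now) - tick) & 0xFF) > max_age_ticks:
        return None                      # stale cookie: replayed or forged
    mac = _mac(src_ip, src_port, dst_ip, dst_port, tick)
    mss_idx = ((cookie & 0xFFFFFF) - mac) & 0xFFFFFF
    if mss_idx >= len(MSS_TABLE):
        return None                      # MAC mismatch: wrong 4-tuple or guessed ACK number
    return MSS_TABLE[mss_idx]


def simulate(now=1_000_000):
    """Constructed scenario: many spoofed SYNs that never ACK, then one honest client.
    Returns the number of connections the server actually allocated."""
    connections = {}
    # spoofed SYNs each get a SYN-ACK but allocate nothing on the server
    for i in range(1000):
        make_cookie(f"198.51.100.{i % 254 + 1}", 1024 + i, "192.0.2.10", 80, 1460, now)
    # honest client answers the SYN-ACK with ACK = ISN + 1 shortly afterwards
    isn = make_cookie("203.0.113.7", 40000, "192.0.2.10", 80, 1460, now + 5)
    mss = check_cookie("203.0.113.7", 40000, "192.0.2.10", 80, isn + 1, now + 5)
    if mss is not None:
        connections[("203.0.113.7", 40000)] = mss
    return len(connections)


if __name__ == "__main__":
    print("connections allocated after flood:", simulate())
```

The cost of this scheme is visible in the code: only the MSS survives the round trip, so TCP options negotiated in the SYN (window scaling, SACK) are lost unless carried elsewhere, which is why real stacks enable cookies only once the listen queue is under pressure. The timestamp tick also bounds how long a client has to complete the handshake.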
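The other points in the reply (half-open SYNs, firewalling unexpected UDP, pings to broadcast addresses, and ingress filtering of forged internal sources like the FTP incident the question describes) are all things a defender can check for in router or firewall logs. The following added example, which is not code from anyone in this thread, runs those checks over a constructed packet log; the addresses, interface name, and record format are all assumptions.

```python
import ipaddress
from collections import Counter

# Constructed layout (assumption): the web server is 192.168.1.10 behind a
# router whose external interface is eth0, and only TCP/80 should be reachable.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
EXTERNAL_IFACE = "eth0"
ALLOWED_TCP_PORTS = {80}
ALLOWED_UDP_PORTS = set()
BROADCAST_ADDRS = {"192.168.1.255", "255.255.255.255"}


def rec(src, dst, proto, flags=None, dport=None, iface=EXTERNAL_IFACE):
    """One constructed packet-log record as seen on the router."""
    return {"iface": iface, "proto": proto, "src": src, "dst": dst,
            "dport": dport, "flags": flags}


# Constructed packet log (not real traffic)
LOG = [
    # a normal client: SYN followed by the ACK that completes the handshake
    rec("203.0.113.7", "192.168.1.10", "tcp", "S", 80),
    rec("203.0.113.7", "192.168.1.10", "tcp", "A", 80),
    # 20 SYNs from scattered sources that never ACK: the half-open flood pattern
    *[rec(f"198.51.100.{i}", "192.168.1.10", "tcp", "S", 80) for i in range(1, 21)],
    # packet on the external interface claiming an internal source address
    rec("192.168.1.50", "192.168.1.10", "tcp", "S", 21),
    # echo request aimed at the LAN broadcast address: Smurf amplification pattern
    rec("203.0.113.99", "192.168.1.255", "icmp", "echo-request"),
    # UDP datagrams to a port nothing listens on
    *[rec("203.0.113.42", "192.168.1.10", "udp", None, 53) for _ in range(5)],
]


def half_open_sources(log):
    """Sources that sent TCP SYNs but never followed up with an ACK."""
    syns, acked = Counter(), set()
    for r in log:
        if r["proto"] != "tcp":
            continue
        if r["flags"] == "S":
            syns[r["src"]] += 1
        elif r["flags"] == "A":
            acked.add(r["src"])
    return {src: n for src, n in syns.items() if src not in acked}


def syn_flood_suspected(log, threshold=10):
    """Aggregate over sources, since a flood usually randomises the source address."""
    return sum(half_open_sources(log).values()) >= threshold


def spoofed_ingress(log, internal_nets=INTERNAL_NETS, iface=EXTERNAL_IFACE):
    """Ingress-filtering check: packets entering from outside with an internal source.
    These should be dropped at the router; their presence means the filter is missing."""
    return sorted({r["src"] for r in log if r["iface"] == iface
                   and any(ipaddress.ip_address(r["src"]) in n for n in internal_nets)})


def broadcast_pings(log):
    """Echo requests to a broadcast address; hosts and routers should not answer these."""
    return [r for r in log if r["proto"] == "icmp"
            and r["flags"] == "echo-request" and r["dst"] in BROADCAST_ADDRS]


def unexpected_ports(log):
    """Per (source, proto, port) counts of traffic to ports that should be closed."""
    hits = Counter()
    for r in log:
        if r["proto"] == "tcp":
            allowed = ALLOWED_TCP_PORTS
        elif r["proto"] == "udp":
            allowed = ALLOWED_UDP_PORTS
        else:
            continue
        if r["dport"] not in allowed:
            hits[(r["src"], r["proto"], r["dport"])] += 1
    return hits


if __name__ == "__main__":
    print("SYN flood suspected:", syn_flood_suspected(LOG))
    print("spoofed internal sources on", EXTERNAL_IFACE + ":", spoofed_ingress(LOG))
    print("broadcast echo requests:", len(broadcast_pings(LOG)))
    print("traffic to closed ports:", dict(unexpected_ports(LOG)))
```

The `spoofed_ingress` check is the one that matches the question: a packet arriving on the outside interface with a source inside your own prefix cannot be legitimate, so the router should drop it before it reaches the FTP or web service at all, and the same rule applied to outbound traffic (only your own prefix may leave) is the egress half of ingress filtering.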