
How to configure high-availability defense against DDoS attacks on Linux

WBOY (Original)
2023-07-06 11:12:13


Overview
As the Internet has grown, DDoS (Distributed Denial of Service) attacks have become increasingly common. A DDoS attack floods the target server with large volumes of malicious traffic from many sources at once, exhausting bandwidth, connection-tracking tables or application workers until legitimate users can no longer be served. To keep a server available under such an attack, we need to configure a layered, highly available defense.

In this article, we introduce how to configure such a defense against DDoS attacks on Linux and give corresponding code examples.

Implementation steps

  1. Use a firewall to filter malicious traffic
    First, we need to install and configure a firewall on the server to filter the malicious traffic of a DDoS attack. The firewall drops packets before they reach the application, according to predefined rules. The simplest rule bans a single source address. Here is a sample command that drops all traffic from a specific IP:
iptables -A INPUT -s 192.168.1.1 -j DROP

This drops every packet arriving from the IP address 192.168.1.1. Note that a rule like this only helps against a single noisy source; a real DDoS attack comes from thousands of addresses, so static per-IP bans do not scale. Rate-limiting matches such as hashlimit and connlimit, dropping packets in the INVALID conntrack state, and enabling SYN cookies (net.ipv4.tcp_syncookies) do far more to keep the host responsive under load. Also remember that rules added with iptables -A are lost on reboot unless they are saved (for example with iptables-save or the iptables-persistent package).
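As an added example (not code from the original article), here is a firmer version of the firewall step: a small script that emits an iptables-restore ruleset with SYN-cookie sysctls, bogus-flag drops and per-source rate limits on the web and SSH ports, and applies it atomically. The port numbers, limits and the function names (syn_sysctl, ddos_rules, apply_rules) are illustrative assumptions; tune the limits to your real traffic before using them.

```shell
#!/bin/sh
# Added example: rate-limiting iptables ruleset for a web host (illustrative values).
# The ruleset is generated in iptables-restore format so it is applied atomically;
# DRY_RUN=1 (the default) only prints what would be loaded.
set -eu

WEB_PORTS="80,443"
SSH_PORT="22"
WEB_NEW_PER_SEC="50"      # new connections per source IP per second before dropping
WEB_MAX_CONN="100"        # concurrent connections per source IP
SSH_NEW_PER_MIN="3"       # new SSH connections per source IP per minute

# Kernel-side SYN flood protection; belongs with the ruleset below.
syn_sysctl() {
  cat <<EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2
EOF
}

# Emit the ruleset in iptables-restore format (IPv4 filter table).
ddos_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets that belong to no known connection (typical of spoofed floods)
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Impossible TCP flag combinations used by scanners and flood tools
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# Web: cap the rate of NEW connections and the number of open ones per source IP
-A INPUT -p tcp -m multiport --dports $WEB_PORTS -m conntrack --ctstate NEW -m hashlimit --hashlimit-name web_new --hashlimit-mode srcip --hashlimit-above ${WEB_NEW_PER_SEC}/sec --hashlimit-burst $WEB_NEW_PER_SEC -j DROP
-A INPUT -p tcp -m multiport --dports $WEB_PORTS -m connlimit --connlimit-above $WEB_MAX_CONN --connlimit-mask 32 -j DROP
-A INPUT -p tcp -m multiport --dports $WEB_PORTS -j ACCEPT
# SSH: slow brute force down at the packet level; Fail2Ban handles the rest
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m hashlimit --hashlimit-name ssh_new --hashlimit-mode srcip --hashlimit-above ${SSH_NEW_PER_MIN}/min --hashlimit-burst $SSH_NEW_PER_MIN -j DROP
-A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
# Ping is useful for monitoring, but not unlimited
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/sec -j ACCEPT
COMMIT
EOF
}

# Apply everything. Do this from a console session the first time, not over SSH,
# so a mistake in the SSH rules cannot lock you out.
apply_rules() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    syn_sysctl
    ddos_rules
    return 0
  fi
  syn_sysctl > /etc/sysctl.d/99-ddos.conf
  sysctl --system                      # reload all sysctl.d fragments
  ddos_rules | iptables-restore        # replaces the filter table atomically
}

apply_rules
```

The ordering matters: ESTABLISHED traffic is accepted before any rate limit so that existing legitimate sessions are never throttled, and the hashlimit rule only counts NEW connections, which is where a SYN flood shows up. Set DRY_RUN=0 to actually load the rules.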

  2. Use a load balancer to distribute traffic
    So that more traffic can be handled and the load is shared, we can put a load balancer in front of several servers. The load balancer distributes incoming connections to multiple backend servers according to predetermined rules so that no single server is overwhelmed. The following is a sample configuration for HAProxy as a load balancer:
frontend http
  bind *:80
  mode http
  default_backend servers

backend servers
  mode http
  server server1 192.168.1.2:80
  server server2 192.168.1.3:80

This configures HAProxy to listen on port 80 and distribute traffic to the backend servers at 192.168.1.2 and 192.168.1.3. Keep in mind that distribution alone does not absorb a volumetric attack: the load balancer itself becomes the one host that must survive the flood, so it needs the same host-level hardening as the backends and should run as a redundant pair (for example with keepalived) to be highly available. Backend lines should carry health checks (check) and per-server connection caps (maxconn) so that a saturated backend is taken out of rotation instead of dragging the others down, and HAProxy stick tables can track per-client request and connection rates and reject abusive sources before they ever reach a backend.
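As an added example (not part of the original article), here is the same two-backend HAProxy setup extended with per-client rate limiting, connection caps and health checks. The shell wrapper only writes the configuration out and runs HAProxy's own syntax check when the binary is present; the thresholds (100 requests per 10 s, 50 open connections, maxconn 500), the /healthz health-check path and the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: HAProxy front end with per-client rate limiting and backend
# protection (illustrative values; adapt to real traffic levels).
set -eu

haproxy_cfg() {
  cat <<'EOF'
global
    maxconn 20000                # hard cap on connections the process accepts

defaults
    mode http
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    timeout http-request 10s     # close clients that never finish their headers (slowloris)

frontend http
    bind *:80
    maxconn 10000
    # Per-client-IP counters kept for 60s: request rate over 10s and open connections
    stick-table type ip size 100k expire 60s store http_req_rate(10s),conn_cur
    http-request track-sc0 src
    # Reject abusive clients at the edge instead of forwarding them to a backend
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }
    http-request deny deny_status 429 if { sc_conn_cur(0) gt 50 }
    default_backend servers

backend servers
    balance roundrobin
    option httpchk GET /healthz      # assumed health endpoint on the backends
    # 'check' takes a dead server out of rotation; maxconn queues excess requests
    server server1 192.168.1.2:80 check maxconn 500
    server server2 192.168.1.3:80 check maxconn 500
EOF
}

# Validate with HAProxy itself when it is installed; otherwise only print.
check_cfg() {
  tmp=$(mktemp)
  haproxy_cfg > "$tmp"
  if command -v haproxy >/dev/null 2>&1; then
    haproxy -c -f "$tmp"
  else
    echo "haproxy not installed, skipping syntax check" >&2
  fi
  rm -f "$tmp"
}

haproxy_cfg
check_cfg
```

Redirect the output of haproxy_cfg to /etc/haproxy/haproxy.cfg and reload the service to use it. The stick table is sized per client IP, so clients behind a large NAT share one counter; raise the thresholds if that is common in your user base.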

  3. Use Fail2Ban as a host-based intrusion prevention system (IPS)
    To detect and block attackers in a timely manner, it helps to run a tool that watches the logs in real time and reacts automatically. Fail2Ban works as a host-based intrusion prevention system: it scans log files for abnormal patterns, such as repeated failed logins from one address, and then takes a configured action, typically adding a firewall rule that blocks that IP for a while. Because Fail2Ban only sees what the application logs, it is effective against brute-force and abusive-client patterns at the application layer, not against a volumetric flood that never completes a request. The following is a sample configuration; put it in /etc/fail2ban/jail.local rather than editing jail.conf, which package upgrades overwrite:
[DEFAULT]
# how long an address stays banned (seconds)
bantime = 3600
# time window in which failures are counted (seconds)
findtime = 600
# failures within findtime that trigger a ban
maxretry = 3

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s

This enables Fail2Ban's sshd jail: after 3 failed login attempts from the same IP address within 10 minutes, that address is blocked for one hour. Restart the service after editing (systemctl restart fail2ban) and confirm the jail is active with fail2ban-client status sshd.
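To make the findtime/maxretry/bantime semantics concrete, here is an added example (not from the original article and not Fail2Ban's own code) that applies the same sliding-window rule to sshd log lines in the format journalctl -o short-unix prints, where each line starts with an epoch timestamp. The log lines are constructed sample data, and the function names and the addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example: the sliding-window logic behind findtime/maxretry/bantime,
# applied to sshd log lines in 'journalctl -o short-unix' format.
set -eu

FINDTIME=600     # seconds, as in the jail above
MAXRETRY=3
BANTIME=3600     # seconds

# Constructed sample log (epoch-second timestamps, as journalctl -o short-unix prints them).
# 198.51.100.9 fails three times, but spread over hours; 203.0.113.5 fails three
# times within two minutes and should be the only address banned.
sample_log() {
  cat <<'EOF'
1688600000.000000 web1 sshd[1001]: Failed password for root from 198.51.100.9 port 41000 ssh2
1688600100.000000 web1 sshd[1002]: Failed password for root from 198.51.100.9 port 41001 ssh2
1688641000.000000 web1 sshd[1003]: Failed password for root from 198.51.100.9 port 41002 ssh2
1688641900.000000 web1 sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
1688641950.000000 web1 sshd[2002]: Failed password for root from 203.0.113.5 port 50123 ssh2
1688642000.000000 web1 sshd[2003]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
1688642010.000000 web1 sshd[2004]: Failed password for root from 203.0.113.5 port 50124 ssh2
EOF
}

# Reads log lines on stdin and prints "IP ban_start ban_end" once per offender.
# An IP is banned when MAXRETRY failures fall inside any FINDTIME-second window.
find_offenders() {
  awk -v findtime="$FINDTIME" -v maxretry="$MAXRETRY" -v bantime="$BANTIME" '
    /sshd\[[0-9]+\]: Failed password/ {
      t = $1 + 0
      ip = $0; sub(/.* from /, "", ip); sub(/ port .*/, "", ip)
      n[ip]++; ts[ip, n[ip]] = t
      if (!(ip in head)) head[ip] = 1
      # slide the window: forget failures older than findtime seconds
      while (head[ip] <= n[ip] && ts[ip, head[ip]] <= t - findtime) head[ip]++
      if (n[ip] - head[ip] + 1 >= maxretry && !(ip in banned)) {
        banned[ip] = 1
        printf "%s %d %d\n", ip, t, t + bantime
      }
    }'
}

# Turn each offender into the same action Fail2Ban's iptables banaction performs.
ban_commands() {
  find_offenders | while read -r ip start end; do
    echo "iptables -I INPUT -s $ip -j DROP   # banned at $start, expires $end"
  done
}

sample_log | ban_commands
```

The window slides per address, so three failures spread over hours never trigger a ban, while three within the window do, which is exactly why findtime and maxretry must be read together. Fail2Ban also removes the rule again after bantime; that expiry is what keeps a mistyped password from locking a legitimate user out permanently.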

  4. Run a DDoS attack simulation test
    To verify that the defense mechanism is effective, we can run a simulated DDoS attack against the server and watch whether it keeps serving legitimate requests. Tools such as LOIC (Low Orbit Ion Cannon) can generate such a flood in a controlled environment. Here is a sample command sequence for running LOIC through Wine:
sudo apt-get install wine
wine LOIC.exe

This installs Wine and runs the LOIC Windows binary; LOIC.exe is not shipped by the distribution and must be obtained separately. Only run such a test against systems you own or are explicitly authorized to test, on an isolated network: directing flood traffic at anyone else is unlawful in most jurisdictions. While the test runs, watch the rule counters (iptables -L -v -n) and the jail status (fail2ban-client status sshd) to confirm which layer absorbed the traffic, and check from a separate client that legitimate requests still succeed.

Summary
As DDoS attacks continue to grow and evolve, configuring layered, high-availability defense mechanisms is key to keeping servers reachable under attack. This article described how to configure a firewall, a load balancer and Fail2Ban on Linux, and gave corresponding code examples. Each layer covers a different part of the problem: the firewall and kernel settings handle packet floods, the load balancer spreads connection load and can reject abusive clients, and Fail2Ban reacts to patterns visible in application logs. Keeping systems updated, saving firewall rules so they survive reboots, and regularly reviewing the configuration are just as important if the server is to keep withstanding DDoS attacks.

