Skip to content
June 17, 2025
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Primary Menu
  • Home
  • Cyber Criminals
  • Cyber Security
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
  • Windows
  • Home
  • Technique
  • 15 things to do to prevent DDOS attacks
  • Technique

15 things to do to prevent DDOS attacks

Ddos June 26, 2017

On this post, i am going to describes the 15 things against DDoS attacks, DDoS attacks mainly to two categories: bandwidth exhaustion attacks and resource exhaustion attacks, in order to effectively curb these two types of attacks, you can follow the steps listed in this article.

To combat DDoS (distributed denial of service) attacks, you need to have a clear understanding of what happened on the attack. Simply put, DDoS attacks through the use of server vulnerabilities, or resources (such as memory, hard disk consumption on the server etc.) to achieve the purpose. Tou can follow the steps listed below to do:

  1. If only a few computers are the source of the attack and you have identified the IP addresses for those sources, you place an ACL (access control list) on the firewall server to block these access from those IPs. If possible, change the IP address of the web server for a period of time, but if the attacker resolves your newly configured IP by querying your DNS server, this is no longer valid.
  2. If you are sure that the attack comes from a particular country, consider blocking the IP from that country, at least for a while.
  3. Monitoring the incoming network traffic. In this way you can know who is visiting your network and can monitor the exception to the visitor, which can analyze the log and source IP afterwards. Before a large-scale attack, an attacker could use a small number of attacks to test the robustness of your network.
  4. The most effective (and expensive) solution for bandwidth-consuming attacks is to buy more bandwidth.
  5. You can also use high-performance load balancing software, the use of multiple servers, and deployed in different data centers.
  6. The use of load balancing for web and other resources, while also using the same strategy to protect DNS.
  7. Optimize the use of resources to improve web server load capacity. For example, the use of apache can install apachebooster plug-in, the plug-in and varnish and nginx integration, you can deal with the sudden increase in traffic and memory footprint.
  8. The use of highly scalable DNS devices to protect DDOS attacks against DNS. Consider the commercial solution for Cloudflare, which can provide DDOS attack protection for DNS or TCP/IP from layer 3 to layer 7.
  9. Enable the router or firewall anti-IP spoofing function. CISCO ASA firewall in the configuration of the function than in the router more convenient. Enable this feature in ASDM (Cisco Adaptive Security Device Manager) by clicking “Firewall” in “Configuration”, finding “anti-spoofing” and clicking Enable. You can also use the ACL (access control list) in the router to prevent IP spoofing, first for the network to create ACL, and then applied to the Internet interface.
  10. The use of third-party services to protect your site. There are many companies have such services, providing high-performance basic network facilities to help you resist denial of service attacks. You only need to pay hundreds of dollars a month on the line.
  11. Pay attention to the security configuration of the server, to avoid resource exhaustion DDOS attacks.
  12. Listen to the views of experts, for the attack in advance to respond to the emergency program.
  13. Monitoring the network and web traffic. If it is possible to configure multiple analysis tools, such as Statcounter and Google analytics, you can more visually understand the pattern of traffic changes and get more information from it.
  14. To protect DNS to avoid DNS amplification attacks.
  15. Disable ICMP on the router. Open ICMP only when testing is required. The following strategies are also considered when configuring the router: flow control, packet filtering, half-connection timeout, garbage packet discard, source forged packet drop, SYN threshold, disable ICMP and UDP broadcast.
Rate this post
Tags: ddos ddos attack prevent ddos attack

Continue Reading

Previous: [Bypass WAF] Php webshell without numbers and letters
Next: APACHE PROTECTION WITH MODSECURITY

Search

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    Copyright Daily CyberSecurity © All rights reserved.