How to protect an apache server from hping3's syn attack?

gabrielcard Member Posts: 3
I'm doing a scenario where I have a VM with apache2 and a VM client that will attack the apache server with hping3 syn attack (hping3 -S --flood -V -p 80 server_ip).
I was trying to use fail2ban but it didn't work, I tried these steps (via chatgpt):

Certainly! Here is the information translated into English:
1. Create a Custom Filter File for SYN:
   Open a text editor to create the custom filter:
   ```bash
   sudo nano /etc/fail2ban/filter.d/syn.conf
   ```
   Add the following content to the file:
   ```ini
   [Definition]
   failregex = ^<HOST>.* "GET .*" 400
   ignoreregex =
   ```

   This filter looks for patterns in logs where access attempts with HTTP status code 400 occur.

2. Update the Fail2Ban Configuration File:
   Open the Fail2Ban configuration file:
   ```bash
   sudo nano /etc/fail2ban/jail.local
   ```

   Add a section for the new SYN rule at the end of the file:

   ```ini
   [syn]
   enabled = true
   port = all
   filter = syn
   logpath = /var/log/apache2/access.log
   maxretry = 5
   ```

   Ensure that the reference to the filter matches the name of the filter file you created (`syn.conf`).

3. Restart Fail2Ban:
   Restart Fail2Ban to apply the new configurations:

   ```bash
   sudo service fail2ban restart
   ```

So which tool should I use that is simplest to implement? I could use pfsense, but I would like another solution (teacher request).

If there is another type of attack that can be prevented in a simpler way, the objective of the project is to build a scenario to use one tool to carry out a DoS attack and another to defend it.
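
Added example, not part of the original post: a SYN flood never completes the TCP handshake, so Apache writes no request to access.log for the jail above to match; the half-open connections appear in the kernel's TCP table in state SYN_RECV instead. This Python script counts them per source for port 80 from `/proc/net/tcp` text. The function names, the threshold and the sample table are constructed for illustration, and the address decoding assumes a little-endian host such as x86.

```python
"""Count half-open (SYN_RECV) TCP connections per source from /proc/net/tcp."""
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # state code Linux prints in the "st" column for SYN_RECV

# Constructed sample in /proc/net/tcp layout (columns after "st" omitted).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 0A00000A:0050 1400000A:0A28 03
   2: 0A00000A:0050 1400000A:0A29 03
   3: 0A00000A:0050 1400000A:0A2A 03
   4: 0A00000A:0050 1E00000A:C350 01
"""

def decode_addr(field):
    """Turn '0A00000A:0050' into ('10.0.0.10', 80); assumes little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def half_open_by_source(table_text, port=80):
    """Return Counter {remote_ip: number of SYN_RECV entries on local port}."""
    counts = Counter()
    for line in table_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        _, local_port = decode_addr(fields[1])
        remote_ip, _ = decode_addr(fields[2])
        if fields[3] == SYN_RECV and local_port == port:
            counts[remote_ip] += 1
    return counts

def flagged_sources(table_text, threshold=3, port=80):
    """Sources at or above a (hypothetical) half-open threshold."""
    counts = half_open_by_source(table_text, port)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on a Linux server
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample
    for ip, n in half_open_by_source(text).most_common(10):
        print(n, ip)
```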
