How to protect an apache server from hping3's syn attack?
gabrielcard
Member Posts: 3 ■■□□□□□□□□
I'm doing a scenario where I have a VM with apache2 and a VM client that will attack the apache server with hping3 syn attack (hping3 -S --flood -V -p 80 server_ip).
So which tool should I use that is simplest to implement? I could use pfsense, but I would like another solution (teacher request)
If there is another type of attack that can be prevented in a simpler way, the objective of the project is to build a scenario to use one tool to carry out a DoS attack and another to defend it.
I was trying to use fail2ban but it didn't work, I tried these steps (via chatgpt):
Certainly! Here is the information translated into English:
1. Create a Custom Filter File for SYN:
Open a text editor to create the custom filter:
```bash
sudo nano /etc/fail2ban/filter.d/syn.conf
```
Add the following content to the file:
```ini
[Definition]
failregex = ^<HOST>.* "GET .*" 400
ignoreregex =
```
This filter looks for patterns in logs where access attempts with HTTP status code 400 occur.
2. Update the Fail2Ban Configuration File:
Open the Fail2Ban configuration file:
```bash
sudo nano /etc/fail2ban/jail.local
```
Add a section for the new SYN rule at the end of the file:
```ini
[syn]
enabled = true
port = all
filter = syn
logpath = /var/log/apache2/access.log
maxretry = 5
```
Ensure that the reference to the filter matches the name of the filter file you created (`syn.conf`).
3. Restart Fail2Ban:
Restart Fail2Ban to apply the new configurations:
```bash
sudo service fail2ban restart
```
Comments
-
JDMurray Admin Posts: 13,096 Admin
What does ChatGPT recommend to use for attack and defense tools? You can ask it to use different tool suggestions if you don't like its first response.
-
shochan Member Posts: 1,014 ■■■■■■■■□□
Yeah, I was wondering about this as well... does this have anything to do with HTTPMethods?
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
-
JessieRoss Member Posts: 5 ■■□□□□□□□□
To protect your Apache server from SYN flood attacks, using iptables is a simple and effective solution.
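
Added example, not part of any post in this thread: a SYN flood never completes the TCP handshake, so Apache logs no request and a fail2ban filter on access.log has nothing to match; the filtering has to happen in the kernel. The script prints sysctl and iptables commands for that and counts half-open connections per source. The port, rate, burst, backlog values and the SYN_GUARD chain name are assumed values for a lab VM.

```shell
#!/bin/sh
# Added example for the lab's Apache VM. Constructed values (not from the
# thread): port 80, 20 SYN/s per source, burst 40, chain name SYN_GUARD.

# Print the hardening commands so they can be reviewed before being applied.
# Arguments: port (default 80), SYNs/sec per source (20), burst (40).
syn_guard_cmds() {
  cat <<EOF
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_synack_retries=3
iptables -N SYN_GUARD
iptables -A SYN_GUARD -m hashlimit --hashlimit-name synguard --hashlimit-mode srcip --hashlimit-above ${2:-20}/sec --hashlimit-burst ${3:-40} -j DROP
iptables -A SYN_GUARD -j RETURN
iptables -I INPUT -p tcp --syn --dport ${1:-80} -j SYN_GUARD
EOF
}

# Count half-open connections per peer from `ss -Htn state syn-recv` output
# (columns: Recv-Q Send-Q Local:Port Peer:Port). Busiest source first.
half_open_by_source() {
  awk 'NF >= 4 { sub(/:[0-9]+$/, "", $4); n[$4]++ }
       END { for (ip in n) print n[ip], ip }' | sort -rn
}

case "${1:-}" in
  # Run as root; stops at the first failing command (e.g. chain already exists).
  apply) syn_guard_cmds "${2:-80}" | sh -e ;;
  # Run on the server while the test traffic is active.
  watch) ss -Htn state syn-recv | half_open_by_source ;;
  # Default: dry run, only print the commands.
  *)     syn_guard_cmds ;;
esac
```

The per-source hashlimit rule only helps when the SYNs arrive from a real, repeated source address; SYN cookies are what keep the listen queue usable when source addresses are spoofed.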