Extreme Hacking
Advanced Ethical Hacking Institute in Pune

Types of attacks.
1. Layer 4 attacks work at the network level. They use UDP, TCP, ICMP, etc.
2. Layer 7 attacks work at the application level. Software for web servers, game servers, etc. is vulnerable to them.
These work by flooding the target server with more requests than it can answer in time.

Layer 4 protection.

Install iptables
Ubuntu/Debian

Code:
apt-get install iptables

Centos/Redhat/Fedora

Code:
yum install iptables

Block an IP address with iptables.

Code:
iptables -A INPUT -s 49.215.185.103 -j DROP

Block multiple IP addresses. iptables takes a range in CIDR notation; /24 covers 49.212.186.0 to 49.212.186.255.

Code:
iptables -A INPUT -s 49.212.186.0/24 -j DROP

Drop new TCP connections that do not start with a SYN packet.

Code:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

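Services can be blocked by blocking their port.

Code:
# --dport only works together with a protocol match; UDP is assumed here.
# Replace SOURCE with the address or CIDR block to drop traffic from.
iptables -A INPUT -p udp -s SOURCE --dport 19 -j DROP     # Chargen
iptables -A INPUT -p udp -s SOURCE --dport 53 -j DROP     # DNS
iptables -A INPUT -p udp -s SOURCE --dport 161 -j DROP    # SNMP
iptables -A INPUT -p udp -s SOURCE --dport 123 -j DROP    # NTP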
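
The layer 4 rules above, collected into one ruleset by a shell script (an added example, not part of the original post). It checks each blocklist entry so that a range written as 49.212.186.0-255 is rejected before it reaches iptables. The names valid_source, build_ruleset and SAMPLE_BLOCKLIST are made up here, and matching the service ports on UDP, on a host that does not serve them itself, is an assumption.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; nothing is applied.

# Succeed if $1 is an IPv4 address, optionally with a /0-32 prefix.
valid_source() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# $1: space-separated blocklist. Invalid entries are reported on stderr.
build_ruleset() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # A new TCP connection must start with a SYN packet.
    echo '-A INPUT -p tcp ! --syn -m state --state NEW -j DROP'
    for src in $1; do
        if valid_source "$src"; then
            echo "-A INPUT -s $src -j DROP"
        else
            echo "skipped invalid source: $src" >&2
        fi
    done
    # Chargen, DNS, SNMP, NTP. Assumption: UDP, and not served by this host.
    for port in 19 53 161 123; do
        echo "-A INPUT -p udp --dport $port -j DROP"
    done
    echo 'COMMIT'
}

# Constructed sample blocklist; the last entry uses the unsupported range form.
SAMPLE_BLOCKLIST='49.215.185.103 49.212.186.0/24 49.212.186.0-255'
build_ruleset "$SAMPLE_BLOCKLIST"
```

Save the output to a file and check it with iptables-restore --test before loading it. Loading it replaces the current filter table.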

Layer 7 protection.
In your nginx config file you should be able to find client_body_buffer_size.
We need to harden these settings to help protect the server.
Right now it should look like this:

Code:
client_body_buffer_size  1K;
client_header_buffer_size 1k;
client_max_body_size 1k;
large_client_header_buffers 2 1k;

Edit these:

Code:
client_body_timeout   15;
client_header_timeout 15;
keepalive_timeout     5 5;
send_timeout      15;

This helps against shorter POST attacks.

Website protection (free):
Incapsula
Cloudflare

Website protection (not free):
NetDNA
MaxCDN
Amazon AWS
Internap
LiquidWeb
EdgeCast

Setting up a Forward proxy:

Code:
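# Let the kernel forward packets between interfaces.
sysctl net.ipv4.ip_forward=1
# Replace "port" with the port to listen on and "ip:port" with the destination.
iptables -t nat -A PREROUTING -p tcp --dport port -j DNAT --to-destination ip:port
iptables -t nat -A POSTROUTING -j MASQUERADE

What is this? Basically, it redirects traffic arriving at the server and port you specified to the one you want to send it to.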
