Hacker technology: Classification to prevent DoS attacks on Linux

Source: Internet
Author: User
As denial-of-service attack tools proliferate and the underlying protocol-layer defects cannot be fixed in the short term, denial-of-service attacks have become widespread and extremely difficult to prevent. Although there is still no absolute way to stop such attacks, there are solutions for particular attack methods. This document uses Red Hat Linux 9.0 as an example to describe how DoS attacks can be classified and prevented.

Two Daemon Modes on the Linux Server

1. Stand-alone mode

Stand-alone mode is the access mode of the traditional Unix client/server (C/S) model. The server listens (listen) on a specific port and waits for a client to connect. When a client issues a connection request, the daemon forks a child server to respond to the connection, while the master server goes back to listening, so that a pool of child servers is kept waiting for the next client request. The operating principle of stand-alone mode is shown in Figure 1.

Network services that work in stand-alone mode include route and gated; familiar examples are the Apache web server and Sendmail. On a heavily loaded server such as Apache, creating child servers in advance speeds up service to clients.

In Linux, services that run in stand-alone mode are started by the symbolic links in the runlevel directories under /etc/rc.d.

2. xinetd mode

From the concept of a daemon it follows that every service the system offers must run its own daemon listening on a port, which usually wastes resources. To solve this problem, Linux introduced the concept of a "network daemon service program".

The network daemon used by Red Hat Linux 9.0 is xinetd (eXtended InterNET daemon). In contrast to stand-alone mode, xinetd mode is also called the Internet Super-Server. xinetd can listen on many specified ports at the same time; when it receives a user request, it starts the network service process that corresponds to the requested port to handle it. We can regard xinetd as a management server that controls the starting of services: it decides which program a client request should be handed to and then starts the corresponding daemon process. The figure shows how the xinetd mode works.

Compared with stand-alone mode, the system no longer needs every network service process to listen on its own port; a single xinetd listens on all service ports at once, which reduces system overhead and protects system resources. However, when the access volume is large and concurrent accesses are frequent, xinetd has to start the corresponding network service process again and again, which degrades system performance.

To check which mode a Linux service runs in, run the pstree command on the command line; it shows the network services started in the two different ways. Generally, high-load services such as Sendmail and Apache are started independently, while the other services can be managed by the xinetd super-server. By default, xinetd services fall into the following categories:

Standard Internet services: telnet and ftp

Information Service: finger, netstat, comment

RPC service: rquotad, rstatd, rusersd, sprayd, walld

BSD service: comsat, exec, login, ntalk, shell, talk

Internal services: chargen, daytime, echo, servers, services, time

Security Service: irc

Other services: name, tftp, uucp

TIPS: in principle, Apache and Sendmail can also be started in xinetd mode, but this requires a server with high hardware specifications.

xinetd-mode DoS prevention

xinetd provides functions similar to inetd plus tcp_wrapper, but it is more powerful and more secure, and it can effectively prevent DoS:

1. Restrict the number of processes running at the same time

The instances option sets the maximum number of server processes for a service that may run concurrently. For example:
CODE: instances = 20
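The following audit script is an added example, not part of the original article. It parses the xinetd stanza syntax described above ("defaults" and "service NAME" blocks with key = value lines) and lists the enabled services whose effective instances limit, whether set in the service itself or inherited from the defaults block, is not a finite number. The configuration text is constructed for the example.

```python
import re

# Constructed sample in xinetd.conf syntax: a defaults block and three services.
SAMPLE_CONF = """
defaults
{
    instances   = 50
}
service telnet
{
    disable     = no
    instances   = 20
}
service finger
{
    disable     = no
    instances   = UNLIMITED
}
service tftp
{
    disable     = yes
}
"""

# A stanza is 'defaults' or 'service NAME' followed by a brace-delimited body.
STANZA_RE = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.M | re.S)
ATTR_RE = re.compile(r"(\w+)\s*(\+=|-=|=)\s*(.*)$")

def parse_xinetd(text):
    """Return (defaults, services); each maps attribute -> value for plain '=' lines."""
    defaults, services = {}, {}
    for m in STANZA_RE.finditer(text):
        attrs = {}
        for line in m.group(3).splitlines():
            kv = ATTR_RE.match(line.split("#", 1)[0].strip())
            if kv and kv.group(2) == "=":  # '+=' / '-=' only modify list attributes
                attrs[kv.group(1)] = kv.group(3).strip()
        if m.group(1) == "defaults":
            defaults.update(attrs)
        else:
            services[m.group(2)] = attrs
    return defaults, services

def unlimited_services(text):
    """Enabled services whose effective 'instances' (own or inherited) is not a finite number."""
    defaults, services = parse_xinetd(text)
    return [
        name for name, attrs in services.items()
        if attrs.get("disable", "no").lower() != "yes"  # disabled services spawn nothing
        and not attrs.get("instances", defaults.get("instances", "UNLIMITED")).isdigit()
    ]
```

Running unlimited_services over the sample flags only finger: telnet has its own limit of 20, and tftp is disabled.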