How to protect yourself against DoS/DDoS attacks

What is a DoS/DDoS Attack?
---------------------------------

A Denial of Service attack is one of the simplest forms of attack you will encounter when managing a system with an internet connection. The most common type is a web-based denial of service attack against your web server. The aim is simply to flood your server with requests until either it crashes or the network port is saturated to the point where nothing else gets through.

How do I know when I am under attack?
----------------------------------------------

There are a couple of things you may notice when under a Denial of Service attack.

1. Packet loss or increased latency
2. High server load

Check how many connections are being made to your server by IP address. To do this you can use the following:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

If there are IPs listed with 100+ connections to your server, chances are it might be someone up to no good.
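The one-liner above cuts each address at its first colon, so IPv6 peers and IPv4-mapped addresses (::ffff:a.b.c.d) are not counted under their real address. The following is an added example, not part of the original article: it reads the same netstat -ntu output, strips only the trailing port, and prints the addresses at or above a threshold. The function names and the sample data (documentation address ranges) are constructed for illustration.

```bash
# Added example. Reads `netstat -ntu` output on stdin and prints
# "count address" for every remote address with >= threshold connections.
count_heavy_hitters() {
    threshold="${1:-100}"   # 100 is the rule of thumb used in the article
    awk -v min="$threshold" '
        # Data rows only: skips the two netstat header lines.
        $1 ~ /^(tcp|udp)6?$/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port only
            sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6 peers
            if (addr == "0.0.0.0" || addr == "::") next   # unconnected sockets
            seen[addr]++
        }
        END { for (a in seen) if (seen[a] >= min) print seen[a], a }
    ' | sort -rn
}

# Constructed sample input: one client split across IPv4 and
# IPv4-mapped sockets (90 + 30), one IPv6 client (105), one normal client.
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address  Foreign Address  State"
    awk 'BEGIN {
        for (i = 1; i <= 90; i++)
            printf "tcp 0 0 192.0.2.10:80 203.0.113.7:%d ESTABLISHED\n", 40000 + i
        for (i = 1; i <= 30; i++)
            printf "tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.7:%d ESTABLISHED\n", 50000 + i
        for (i = 1; i <= 105; i++)
            printf "tcp6 0 0 2001:db8::10:443 2001:db8::5:%d TIME_WAIT\n", 30000 + i
    }'
    echo "tcp 0 0 192.0.2.10:22 198.51.100.4:51514 ESTABLISHED"
    echo "udp 0 0 0.0.0.0:68 0.0.0.0:*"
}

# Demo on the constructed data; on a live server use:
#   netstat -ntu | count_heavy_hitters 100
sample_netstat | count_heavy_hitters 100
```

Check that a listed address is not a proxy, CDN or monitoring host you rely on before banning it.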

How can I ban IPs on my server?
--------------------------------------

Banning IPs is very simple. Use one of the following, replacing xx.xx.xx.xx with the address to block.

If you have the APF firewall installed:
apf -d xx.xx.xx.xx

If you have the CSF firewall installed:
csf -d xx.xx.xx.xx

If you are just using iptables and don't have APF or CSF installed, use:
iptables -I INPUT 1 -s xx.xx.xx.xx -j DROP

Additional Protection
-----------------------

If you are regularly suffering from denial of service attacks, a few things you can do are:

1. Install a firewall and brute-force detection agent, e.g. APF/BFD or CSF/LFD
2. Install Dos_Deflate to help detect and mitigate such attacks
3. Limit the number of connections your server will accept, and make sure it can handle that amount of load with stability


