DoS Attacs against WebSDR

[hb3xdc]

Unfortunately, my servers have fallen victim to multiple DOS attacks over the past few days, causing both the router and the server to crash or freeze due to overload. In the log of the old PA3FWM software, you can see how thousands of sessions were established per second. I couldn't find a log in PhantomSDR, but it also crashed.

Does anyone have tips on effectively protecting a server against this? (At the moment, I only have a FritzBox router and the Ubuntu Linux system available.)

[Martin G8JNJ]

It is an increasingly difficult problem, and not easily solved, as most are using VPN's with constantly changing IP addresses.

The KiWi SDR network is under constant attack, and a lot of countermeasures have been built in. However, that won't protect you from DoS attacks.

Your router firewall is the first line of defence, but most ISP provided units don't provide much functionality.

You may have to build or buy a hardware firewall if the problem persists.

A Raspberry Pi running IPFire, pfSense, OpenWrt or similar may be one option.

Regards,

Martin

[Bas ON5HB]

Linux has build in protection against DDoS.
Namely it stops replying to those addresses.

There is nothing to protect possible, as you can not stop the attacks.
And Linux protects itself till the attack is over by not responding.

The problem is that with a DDOS the requests are very high and typical addresses to the same port/nic.

There is nothing you can do about it but sit it out until it stops.

Windows machines however can be overloaded and processes can crash with un-predicted results.

Do not worry about Linux being attacked. Linux and also the Fritzbox do not crash when it happens, they just stop responding until it's over....or slowdown as a protection measure.

However, Phantom can crashes have been reported, it has a different reason. Systemd should check/control and rerstart it if needed, I made scripts for it.

This isn't Windows