Please use this identifier to cite or link to this item: https://repository.sustech.edu/handle/123456789/23832
Title: An Efficient Framework to Prevent Distributed Denial of Service Attack
Other Titles: An Effective Framework for Protection against the Distributed Denial of Service Attack
Authors: Bashir, Shiren Yousif Ahmed
Supervisor: Faisal Mohammed Abdullah Ali
Keywords: Prevent Distributed Denial
Service Attack
Issue Date: 1-Jan-2019
Publisher: Sudan University of Science & Technology
Citation: Bashir, Shiren Yousif Ahmed.An Efficient Framework to Prevent Distributed Denial of Service Attack\Shiren Yousif Ahmed Bashir;Faisal Mohammed Abdullah Ali.-Khartoum:Sudan University of Science & Technology,College of Computer Science and Information Technology,2019.-91p.:ill.;28cm.-M.Sc.
Abstract: Internet and web services have become an inseparable part of our lives. Hence, ensuring continuous availability of service has become imperative to the success of any organization. But these services are often hampered by constant threats from myriad types of attacks. One such attack is the Distributed Denial of Service (DDoS) attack, which results in issues ranging from temporary slowdown of servers to complete non-availability of service. The complexity of DDoS attacks makes their detection and mitigation difficult. In this research, an effective protection framework based on the FNM open-source tool and iptables is proposed. FNM is used to detect DDoS-based flood attacks (SYN, UDP, and ICMP) by adjusting the threshold for the abnormal rate of packet data sent. FNM discovered the attack, notified the system administrator via e-mail, and produced a report containing detailed information about the attack. The outgoing pps variable showed that the server was sending data packets in response to the attack, which means server resources were being consumed, resulting in denial of service. Packet filtering in the Linux kernel was then applied, using an iptables script to filter and drop the attack traffic. The attack was then repeated and the outgoing pps value compared: it had become zero, which means the server sent no data packets. The experimental results show that using FNM and iptables together provides more security and enhances safety in detecting and minimizing denial-of-service attacks.
Description: Thesis
URI: http://repository.sustech.edu/handle/123456789/23832
Appears in Collections:Masters Dissertations : Computer Science and Information Technology

Files in This Item:
File | Description | Size | Format
An Efficient Framework.........pdf | Research | 4.34 MB | Adobe PDF