How to prevent a DDoS attack
- 1). Select a firewall that can filter both ingress and egress packets at the gateway, such as the Advanced Policy Firewall (APF) program (see Resources). Install the firewall and configure it to suit your own servers and the tasks they will perform. A rule set tailored this way avoids the exploitable holes that an overly generic configuration leaves open.
- 2). Install an intrusion detection system such as AIDE (Advanced Intrusion Detection Environment) and configure it for your particular system (see Resources). An IDS will detect attempts to probe your servers, which is an early warning for many attacks and hacking attempts, including DDoS. Set up rules in your IDS to detect changes in file access permissions, as these may be altered to make it easier for hackers to gain control of your computer.
- 3). Reconfigure your sysctl settings. Sysctl allows the kernel (the core of your operating system) to be reconfigured while the computer is running, and thus it needs to be protected from unauthorised access. Open the sysctl.conf file and add lines to turn on protection against IP spoofing and TCP SYN cookies. Restart the network after saving the configuration file so the new parameters take effect.
- 4). Determine whether Apache is installed and running on your system. If it is, install a copy of mod_dosevasive. This software attempts to protect your system from DDoS attacks by evading many of the common security exploits used in DDoS attacks. Once again, configure it to the precise requirements of your system. Restart your Apache installation once the software is configured.
- 5). Install the mod_security application into your Apache installation, if one is present. Mod_security is a set of security filtering controls that check each request sent to the server and filter out dangerous packets. This is especially useful for an anti-DDoS setup because many such attacks are initiated via standard HTTP requests.
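
A check for the step 3 settings, as an added example that is not part of the original page: it reads a sysctl.conf-format file and reports whether reverse-path filtering (the kernel's IP spoofing protection) and TCP SYN cookies are turned on. The helper name `audit_sysctl` and the sample file are constructed for illustration; the three key names are the standard Linux ones, which the page does not spell out.

```bash
# Added example (not from the original page): audit a sysctl.conf-format file
# for the step 3 settings. audit_sysctl is a hypothetical helper name.

# Standard Linux keys: rp_filter=1 is strict reverse-path filtering (drops
# packets with spoofed source addresses); tcp_syncookies=1 enables SYN cookies.
REQUIRED="net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.tcp_syncookies=1"

# audit_sysctl FILE: print one status line per key; return 0 only if all pass.
audit_sysctl() {
    local file=$1 rc=0 key want got
    while IFS='=' read -r key want; do
        # The last assignment in the file wins, as it does when sysctl loads it.
        got=$(awk -F= -v k="$key" '
            /^[ \t]*[#;]/ { next }              # skip comment lines
            NF >= 2 {
                name = $1; val = $2
                gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val)
                gsub(/\//, ".", name)           # accept net/ipv4/... spelling
                if (name == k) last = val
            }
            END { print last }' "$file")
        if [ "$got" = "$want" ]; then
            echo "OK      $key = $got"
        elif [ -z "$got" ]; then
            echo "MISSING $key (want $want)"; rc=1
        else
            echo "WRONG   $key = $got (want $want)"; rc=1
        fi
    done <<EOF
$REQUIRED
EOF
    return $rc
}

# Constructed sample: one spoofing key set, SYN cookies explicitly disabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sysctl.conf
net.ipv4.conf.all.rp_filter = 1
net/ipv4/tcp_syncookies=0
EOF
audit_sysctl "$sample" || echo "hardening incomplete: fix the lines above"
rm -f "$sample"
```

The script audits the file only; a value of 1 from `sysctl -n net.ipv4.tcp_syncookies` confirms the running kernel has picked the setting up.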