How to Block DDOS Attacks with ASP.NET

December 14, 2015 | Views: 15864

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Many people have asked me how to evade DOS and DDOS Attacks. In this short discussion, I’d like to explain how I protect my applications or systems from DDOS Attacks.

This article is intended for advanced Software developers and IT people, but feel free to read it even if you’re beginner. Someday, it might be useful for you.

In case you don’t know what DOS and DDOS attacks are: DOS stands for Denial of Service and DDOS stands for Distributed Denial Of Service

Both of these mean that an attacker wants to attack the server and make it unavailable. When a server or website is not available, we can’t use the services offered. Many IT people are scared of this kind of attack.

All software developers and IT experts work on improving the overall security, stability and availability of their systems and applications. Yet, sometimes they stumble upon a problem and know the issue, but they can’t fix it without losing something else.

For example, you may be aware that when you protect your systems from DDOS attacks, you usually improve the availability and stability of your servers, but might often decrease the performance of the application.

DDOS attacks are becoming a common way to bring websites and servers down with little effort. They’re easy to be executed and pretty hard to protect against, which is why they are so popular and widely used.

Let me explain what happens when an attacker DDOSes a server. Because the attack is Distributed, it means the attacker uses thousands of unique IP addresses (usually anonymous). He sends many requests repeatedly from every IP to a server at the same time. The server wants to process every request and send responses with the services it provides to every one of them. But, because the server gets too many requests in a short time, the requests can’t be processed. The server crashes and becomes unavailable.

The basic indication of a DDOS attack is when you get too many requests from many IP’s in short time.

When you want to fix that, it’s good to know there are some basic methods for protection. Yet, the only thing that you can do to prevent such an attack is to block the response to the attackers. When you’re attacked, you’ll have no control over the requests from the clients (attacker IP’s). You have to identify the attacker as early as possible after the requests have been received.

I recommend 2 ways of protection; choose the one that your situation:

1. Buy a Hardware Firewall with DDOS protection and connect it to your configured server.

or

2. Make a DDOS Filtering solution in your software platform and use it.

I’ll describe my second option so you can get an idea of how to protect from this kind of attack.

To catch the requests as early as possible, an HTTPModule is the right place to start. The HTTPModule is executed before any page or any other handler, so the impact on the server can be minimized. The HTTPModule should monitor all requests and block the requests coming from IP addresses that make many requests in a short period of time. After a while, the attacking IP address gets released from blocking. The non-attacking IP’s are still served with the services they need.


The module I’m going to show to you works with high performance and lightweight protection from DDOS attacks. It’s very easy to implement. In my example, I will explain a solution in ASP.NET.

In order to implement this module, you should:

Add the following lines to the web.config <system.web> section:

< httpModules >

< add type = ” DosAttackModule ” name = ” DosAttackModule ” />

</ httpModules >

– Then, Download the script from this URL (http://goo.gl/vYcsBp) and put the script into the App_Code folder in your solution.

If everything is done properly, your application will now handle the attacks and your server will have some protection. It will never allow over-processing.

– You can now test your website/server to see if it’s filtering attacker requests. If you’re a software developer, you could leverage the concept of this script to make your own script in your platform/programming language.

 

I hope you like my tutorials and find them useful.

Feel free to support my work and learn free.

I am Dragan Ilievski, Bachelor of Computer Science and IT freelancer in many IT areas.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
18 Comments
  1. Please share the script with me Google disabled the shortlinks.

  2. @dreamcoder – I hear your reply in terms of the defense.
    If you get multiple requests at a given short time and decide to block the IP Address and stop replying the attacker will have impression that your offline. Sophisticated DDoS attacks are scheduled for a certain period of time it could be for hours. will your firewall manage to defend against such attack and how?

    • Great question. This is how it works.. Every advanced firewall has a threshold parameter in which the network engineer can define the rules.. that means, that if some traffic is suspicious (for example it’s slower as you say, but it’s still used to ddos), the network guy will be alerted when the network traffic is above the threshold parameters, and it will be blocked again. However, there are also systems that visually present the network traffic and predict if some traffic is suspicious. My tip to you: if you want safe Network, you have to implement methods that handle the rules and everything unexpected should be blocked. This is really advanced area and many people learn the tricks all their life.

Page 3 of 3«123
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel