What is mod_evasive?

mod_evasive is an evasive maneuvers module for Apache2 to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.

Installation:

apt-get install libapache2-mod-evasive

Activate the mod_evasive module:

In the directory: / etc/apache2/mods-available / Debian Squeeze should already have directive to load the module. Or you just can use the following command:

a2enmod mod-evasive

The configuration:

You probably heard before of the term Denial of Service. What does this mean? How can you stop DOS?

Taking advantage of a known problem with the Operating System or any running services on the target, a good programmer can build an application that sends some data that causes the targeted system to crash.

The worst case scenario is not when a hacker crashes a service, but when it finds a way to maximize the CPU usage causing a total malfunction on the system.

Of course most of the attacks are not initiated by these kind of programmers, but by “script kiddies” who only read about it, find the program’s source over the web and just use it without knowing the mechanisms it uses.

Usually, DoS attacks are closely related to brute force attacks. The brute force attack uses all combinations of possible characters or dictionary word lists to try find out any passwords on the system (eg root accounts). When a root account in a network is found out, any DoS attacks can be done easily over the specific network.

Here are some of the most known DoS attacks:

1. SYN Floods