DosDetection
BitNinja has a built-in module for monitoring currently active connections and intervening in case of a potential denial-of-service attack. If there are more than 80 connections from a single IP, BitNinja detects it as an attack. The threshold of 80 can be configured on a per-port basis.
BitNinja does NOT offer DDoS detection; however, an indirect approach to protection is possible with the SslTerminating module's rate limiting and the core module IpFilter itself, which blocks many IPs.
Configuration
BitNinja Dashboard
You may also adjust the threshold from the Dashboard's Configuration - DosDetection page.
Please note that in this case only the general threshold can be modified.
Configuration File Method
The thresholds can be changed in the config file: /etc/bitninja/DosDetection/config.ini
;
; Thresholds set to DoS Detection
;
[tresholds]
general = 80
; Threshold for remote SMTP servers.
remote[25] = 200
remote[53] = 200
; Threshold for local ports
local[22] = 40
;You can set restrictions for remote and local ports. For example to change
;the number of connections allowed to the default IMAP4 port (143) you can do this:
local[143] = 150
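To see which peers would exceed these thresholds before tuning them, the following added example (not BitNinja code) counts connections per peer IP from `ss -tn` style output. It assumes a local[port] rule applies to a connection's local port, a remote[port] rule to its peer port, and general to everything else; the function names, the `CONFIG` copy and the sample connection lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed copy of the thresholds section shown above.
CONFIG = """[tresholds]
general = 80
remote[25] = 200
remote[53] = 200
local[22] = 40
local[143] = 150
"""

def parse_thresholds(text):
    """Return {'general': n, ('local', port): n, ('remote', port): n}."""
    limits = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ; comments
        m = re.fullmatch(r"(general|local|remote)(?:\[(\d+)\])?\s*=\s*(\d+)", line)
        if m:
            kind, port, value = m.groups()
            limits[(kind, int(port)) if port else kind] = int(value)
    return limits

def over_threshold(ss_lines, limits):
    """Count connections per (peer IP, rule) and return those above the limit."""
    counts = Counter()
    for line in ss_lines:
        f = line.split()
        if len(f) < 5 or f[0] == "State":              # skip header and short lines
            continue
        lport = int(f[3].rsplit(":", 1)[1])
        peer, rport = f[4].rsplit(":", 1)
        # Assumption: local[port] is checked first, then remote[port], else general.
        candidates = (("local", lport), ("remote", int(rport)))
        rule = next((r for r in candidates if r in limits), "general")
        counts[(peer, rule)] += 1
    return {(p, r): n for (p, r), n in counts.items() if n > limits[r]}

def sample_ss():
    """Constructed `ss -tn` style lines: 45 SSH, 90 HTTP, 120 outbound SMTP."""
    rows = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    rows += [f"ESTAB 0 0 203.0.113.10:22 198.51.100.7:{40000 + i}" for i in range(45)]
    rows += [f"ESTAB 0 0 203.0.113.10:80 198.51.100.8:{40000 + i}" for i in range(90)]
    rows += [f"ESTAB 0 0 203.0.113.10:{50000 + i} 192.0.2.25:25" for i in range(120)]
    return rows

if __name__ == "__main__":
    for (peer, rule), n in over_threshold(sample_ss(), parse_thresholds(CONFIG)).items():
        print(peer, rule, n)
```

On a live host, the output of `ss -tn` can be passed as `ss_lines` and the real config file contents as `text`.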
When BitNinja detects a DoS attack, it blocks the IP for 1 minute and then places it on the challenge list, allowing the user to delist his/her IP. To change the default block time, you can modify /etc/bitninja/IpFilter/config.ini or add this section with the proper value:
[times]
;
; Temporary block list time in DoS suspicious requests; default: 60
;
tmp_bl_sec = 60
Don't forget to sync your local configuration to the cloud with bitninjacli --syncconfigs after you have changed any settings in the configuration file.
You can read more about the challenge list on the Captcha HTTP page.
Don't forget to restart BitNinja after creating the custom restrictions.
service bitninja restart