Possible DDOS attack vector

Additional features you would like to see added, changed, or removed. This forum isn't just for the Cerberus FTP Server application. Feel free to post suggestions for anything related to Cerberus (the website, this forum, ect.)
Post Reply
GrantConsultingGroup
User
Posts: 26
Joined: Thu Dec 01, 2016 7:58 pm

Possible DDOS attack vector

Post by GrantConsultingGroup » Thu Feb 09, 2017 3:49 pm

We have noticed that Cerberus FTP will maintain and track a separate session for each individual that attempts to connect to the webpage. We also have seen remote devices open several connections to our SFTP system but never attempt to log into the system (thus they never get blocked). This raised the idea to us that some external or remote user was probing the SFTP system to collect information on how it handled open sessions.

We know that the default number of max connections is "500". What is Cerberus's recommendation on how to configure the application to prevent DDOS attacks against the Cerberus SFTP system for the attack vector of exhausting available sessions to the server. This attack vector could include connections that are at a variety of different stages with the application from negotiating SSL cipher and initial handshake to waiting for remote machine to log into the system.

We already have Automatic IP blocking and DOS protection enabled but since those features appear to be limited to protecting a different part of the Cerberus FTP application login requests and password attack(s) we are unsure if that protection mechanism affords any protection to this part of the application.

This is not a new attack vector, but we are unsure if this has ever been raised to your organization before?
Attack vector is dealing with session exhaust and how to enable and configure protection against it when sessions are simply connecting but not attempting to login to the session.

GCG Helpdesk

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: Possible DDOS attack vector

Post by Serin » Thu Feb 09, 2017 4:26 pm

Hello,

Please see the section in our online help titled "The “Auto-Blocking” page". Specifically, the Enable DoS Protection settings. I believe this accomplishes what you are looking for.


https://www.cerberusftp.com/support/hel ... toblocking

Post Reply