MITIGATOR has a TCP protection mode with ISN synchronization, in which after checking the client, the connection is not interrupted, filtering is transparent and convenient. To do this, you need to install a kernel module on the protected server, that will provide the necessary information, and a synchronization agent that will be polled by the MITIGATOR system.
Module code: https://github.com/ddos-mitigator/tcpsecrets.
MITIGATOR v20.12.0 or higher.
On the protected server:
Linux kernel 4.13 and higher (Shown by
uname -r command).
The time on the protected server and MITIGATOR should be synchronized. In fact NTP needs to be configured on both servers.
On a protected service running Debian or Ubuntu:
wget -O- https://docs.mitigator.ru/v22.06/dist/mitigator-agent | sh
The script installs the packages and downloads the source code of the module from GitHub.
If a firewall is used, TCP connections to port 7100 must be allowed.
The administrator of the MITIGATOR system will provide a public key of the following form:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO7P4aiE3fgdsVieFiFaUKjU54yFpU9FdiimsFHd6eZ mitigator1
mitigator1 is the name of the MITIGATOR instance in the cluster.
The resulting key must be added to the file
head -1 >> /opt/mitigator_agent/keys ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO7P4aiE3fgdsVieFiFaUKjU54yFpU9FdiimsFHd6eZ mitigator1
mitigator1 is a tag that helps to identify which instance was polling the
sync agent in the logs.
The code from the internet is runned as root using the command
wget -O- https://… | sh.
It is safer to download the file from the link, read it and run it.
Run the install command again. The configured keys will be saved.
sh mitigator-agent -d.