How to protect NoMachine connections against massive brute force attacks and DDoS
One way to protect your business or service from massive DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks is to limit the number of concurrent connections that can be accepted in a given interval of time.
NoMachine client connections by NX protocol
To mitigate DoS attacks against NoMachine connections by NX protocol, you can activate the following keys in the server configuration file (available since NoMachine v. 6.11.2):
1) Specify the maximum number of concurrent connections that nxd, the NoMachine service in charge of accepting connections by NX protocol, should accept:
NXDConnectionsLimit ""
(*)
2) Specify the maximum number of connections that nxd should accept in a given interval of time:
NXDConnectionsIntervalLimit ""
3) Specify the length of that interval of time, in seconds:
NXDConnectionsInterval ""
A practical example:
NXDConnectionsLimit "8"
NXDConnectionsIntervalLimit "4"
NXDConnectionsInterval "1"
NoMachine will accept up to 8 concurrent connections by NX protocol and only up to four connections per second.
(*) In NoMachine versions earlier than v. 8.2, the keys were named: NXdConnectionsLimit, NXdConnectionsIntervalLimit and NXdConnectionsInterval.
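The following check is an added example, not NoMachine code: it reads server configuration text and reports whether the three keys above are active and hold integer values, and it flags the pre-8.2 NXd spellings. It assumes that lines starting with '#' are comments; the function name and the sample input are constructed for illustration.

```python
import re

# Key suffixes as named on this page; "NXD" is the current prefix,
# "NXd" the prefix used before v. 8.2.
KEYS = ("ConnectionsLimit", "ConnectionsIntervalLimit", "ConnectionsInterval")
LINE = re.compile(r'^\s*(NX[Dd])(\w+)\s+"?([^"\s]*)"?\s*$')

def audit(cfg_text):
    """Return (settings, findings) for the nxd connection-limit keys."""
    settings, findings, seen = {}, [], set()
    for raw in cfg_text.splitlines():
        if raw.lstrip().startswith("#"):  # assumption: '#' marks a comment
            continue
        m = LINE.match(raw)
        if not m or m.group(2) not in KEYS:
            continue
        prefix, name, value = m.groups()
        seen.add(name)
        if prefix == "NXd":
            findings.append(f"NXd{name}: pre-8.2 key name")
        if value == "":
            findings.append(f"{prefix}{name}: empty value")
        elif not value.isdecimal():
            findings.append(f"{prefix}{name}: value {value!r} is not an integer")
        else:
            settings[name] = int(value)
    # Keys that are absent or only present as comments are not active.
    findings += [f"NXD{n}: key not active" for n in KEYS if n not in seen]
    return settings, findings

# Constructed sample: one legacy key name and one key left commented out.
SAMPLE = '''\
NXDConnectionsLimit "8"
NXdConnectionsIntervalLimit "4"
#NXDConnectionsInterval "1"
'''

if __name__ == "__main__":
    settings, findings = audit(SAMPLE)
    print("active settings:", settings)
    for finding in findings:
        print("finding:", finding)
```

Run it against the contents of the server configuration file after editing; an empty findings list means all three keys are active with integer values under their current names.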
On Linux and macOS, as an alternative, you can adopt third-party software such as Fail2ban (https://www.fail2ban.org/) to prevent brute force attacks. You can find an example here: https://www.nomachine.com/AR05P00983.
NoMachine client connections by SSH protocol
In this case, on Linux and macOS we recommend using a third-party program designed to mitigate (D)DoS attacks, such as Fail2ban.
NoMachine connections by the web
Since v. 6.10.2, the NoMachine built-in Apache web server, nxhtd, includes the mod_evasive module, https://github.com/jzdziarski/mod_evasive.
One way to protect your business or service from massive DoS or DDoS (Distributed Denial of Service) attacks is to limit the number of concurrent connections that can be accepted in a given interval of time.
