CC attacks are the most depressing attacks. They are hard to defend against and cannot defend against. However, using Linux's iptables can mitigate CC attacks.
First install iptables
Apt-Get install iptables
Then set the rule
Iptables-I input-P TCP-dport 80-M connlimit-abve 10-J Drop
10 indicates that an IP address can only open 10 threads; otherwise, packet loss occurs.
If the DDoS volume is large, change it to 5, 3, or something like that ,..
Too small will affect the speed
Then iptables-save>/etc/noddos
Then in/etc/rc. Local
InputIptables-Restore/etc/noddos
Let's take a look at the defensive effect.
I have limited a maximum of five IP addresses, so the attack stream has a maximum of five connections, and all others are packet loss by iptables. If you do not set five, the number of connections will reach thousands .. The server crashes.
The amount of protection is related to the CPU and bandwidth of your server...