Linux mitigates CC attacks

Source: Internet
Author: User

CC attacks are the most depressing attacks. They are hard to defend against and cannot defend against. However, using Linux's iptables can mitigate CC attacks.

First install iptables

Apt-Get install iptables

Then set the rule

Iptables-I input-P TCP-dport 80-M connlimit-abve 10-J Drop

10 indicates that an IP address can only open 10 threads; otherwise, packet loss occurs.

If the DDoS volume is large, change it to 5, 3, or something like that ,..

Too small will affect the speed

Then iptables-save>/etc/noddos

Then in/etc/rc. Local

InputIptables-Restore/etc/noddos
Let's take a look at the defensive effect.

I have limited a maximum of five IP addresses, so the attack stream has a maximum of five connections, and all others are packet loss by iptables. If you do not set five, the number of connections will reach thousands .. The server crashes.

The amount of protection is related to the CPU and bandwidth of your server...

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.