A summary of some methods of Linux anti-DDoS attack

Source: Internet
Author: User
Tags chmod vps iptables

Introduction to DDoS Deflate

DDoS deflate is a free script for defending and mitigating DDoS attacks. It creates an IP address for a large number of network connections through Netstat monitoring trails that prohibit or block these IPs through APF or iptables when a node is detected that exceeds the preset limit.

DDoS Deflate official website: http://deflate.medialayer.com/

How do I verify that DDoS attacks are being exploited? Perform:

The code is as follows Copy Code

Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sort | uniq-c | Sort-n

After execution, the number of connections to each IP on the server is displayed.

Here are the results of my own VPS test:

The code is as follows Copy Code

li88-99:~# Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sort | uniq-c | Sort-n
1 114.226.9.132
1 174.129.237.157
1 58.60.118.142
1 Address
1 servers)
2 118.26.131.78
3 123.125.1.202
3 220.248.43.119
4 117.36.231.253
4 119.162.46.124
6 219.140.232.128
8 220.181.61.31
2311 67.215.242.196

A few, more than 10, or dozens of connections per IP are fairly normal, and if hundreds of thousands of them seem to be out of the ordinary.

1. Install DDoS deflate123 wget http://www.inetbase.com/scripts/ddos/install.sh//download DDoS deflate

The code is as follows Copy Code
Chmod 0700 install.sh//Add Permissions
./install.sh//Executive

2. Configure DDoS deflate The following is the default configuration for DDoS deflate located in/usr/local/ddos/ddos.conf, which reads as follows:

The code is as follows Copy Code
##### Paths of the script and other files
Progdir= "/usr/local/ddos"
Prog= "/usr/local/ddos/ddos.sh"
Ignore_ip_list= "/usr/local/ddos/ignore.ip.list"//IP address white list
cron= "/etc/cron.d/ddos.cron"//Timed execution procedure
apf= "/etc/apf/apf"
ipt= "/sbin/iptables"

##### frequency in minutes for running the script
##### caution:every time This setting are changed, run the script with--cron
##### option so the new frequency takes effect
Freq=1//Check time interval, default 1 minutes

##### How many connections define a bad IP? indicate that below.
no_of_connections=150//Maximum number of connections, more than this number of IP will be blocked, the general default can be

##### apf_ban=1 (Make sure your APF version is atleast 0.96)
##### apf_ban=0 (Uses iptables for banning IPs instead of APF)
Apf_ban=1//using APF or iptables. It is recommended to use Iptables to change the value of Apf_ban to 0.

##### kill=0 (Bad IPs are ' NT banned, good for interactive execution of script)
##### kill=1 (recommended setting)
Kill=1//Whether shielding IP, the default can

##### an email was sent to the following address when a IP is banned.
##### Blank would suppress sending of mails
email_to= "root"///when IP is blocked to send mail to the specified mailbox, recommended to use, change your own mailbox can

##### number of seconds the banned IP should remain in blacklist.
ban_period=600//Disable IP time, default 600 seconds, can be adjusted according to the situation

The user can modify the configuration file according to the comment content that is added to the default profile.


View the 117th line of the/usr/local/ddos/ddos.sh file (partial personality, and then modify it when the default is found to be invalid)

The code is as follows Copy Code

Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sort | uniq-c | Sort-nr > $BAD _ip_list

Modify to the following code!

The code is as follows Copy Code

Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sed-n '/[0-9]/p ' | Sort | uniq-c | Sort-nr > $BAD _ip_list

Like toss can use the web stress test software to test the effect, believe that DDoS deflate or can give your VPS or server to protect against a part of DDoS attacks, to your site more protection.


In addition to this approach we recommend ourselves to use a method of preventing DDoS attacks

Script

The code is as follows Copy Code

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod +x install.sh
./install.sh

If uninstall is required

The code is as follows Copy Code

wget http://www.inetbase.com/scripts/ddos/uninstall.sh
chmod +x uninstall.sh
./uninstall.sh

Then the installation was successful. For general DDoS should be no problem.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.