How to deal with outbound DDoS attacks: on Linux, use iptables to stop PHP DDoS scripts from sending packets.
The penalty policy of US VPS providers for DDoS attacks is:
Further violations will proceed with these following actions:
1st violation - Warning and shutdown of server. We will allow 24 hours for you to rectify the problem.
2nd violation - Immediate reformat of server.
3rd violation - Cancellation with no refund.
Here is a brief description of how to solve this problem.
Characteristics: When IIS is enabled, the server's outbound bandwidth is used up; that is, the server keeps sending packets to other hosts. This differs from being the target of a DDoS attack, in which the server constantly receives a large number of packets.
Solution:
Stop IIS first, so that the server cannot send attack traffic for the moment, and then disable the functions the attack code uses.
In c:\windows\php.ini, set:
disable_functions = export, passthru, exec, system, chroot, scandir, chgrp, chown, shell_exec, proc_open, proc_get_status, ini_alter, ini_alter, listen, dl, pfsockopen, openlog, syslog, readlink, symlink, popepassthru, stream_socket_server, fsocket, fsockopen
Also in c:\windows\php.ini, set the following value to Off:
allow_url_fopen = Off
And:
;extension=php_sockets.dll
The leading ";" must be kept: it comments the line out, which restricts the use of the sockets extension (php_sockets.dll).
Then start IIS.
In an IP policy or firewall, block all outbound UDP packets.
Solution on Linux
1. Prohibit the local machine from sending UDP packets externally
iptables -A OUTPUT -p udp -j DROP
2. Allow the ports of services that require UDP (such as DNS)
iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT
Here "53" is the UDP port required by DNS and "8.8.8.8" is the DNS server's IP address, which depends on your server settings. If you do not know the DNS IP address used by your server, you can run the following command over SSH to obtain it:
cat /etc/resolv.conf | grep nameserver | awk 'NR==1{print $2}'
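Steps 1 and 2 can be generated from the resolver list instead of being typed by hand. The following is an added example, not code from the original article: the helper name gen_udp_egress_rules, the sample resolv.conf and the rate-limited LOG rule are assumptions introduced here, and the rules are only printed, in append order, so they assume an OUTPUT chain with no earlier UDP rules.

```shell
#!/bin/sh
# Added example (not from the article): print, but do not apply, the
# outbound-UDP rules for every resolver listed in resolv.conf.
# gen_udp_egress_rules is a hypothetical helper name.
gen_udp_egress_rules() {
    _conf="${1:-/etc/resolv.conf}"
    _count=0
    [ -r "$_conf" ] || { echo "cannot read $_conf" >&2; return 2; }

    # "|| [ -n ... ]" keeps a last line that has no trailing newline.
    while read -r _key _addr _rest || [ -n "$_key" ]; do
        [ "$_key" = "nameserver" ] || continue   # skip comments, search, options
        case "$_addr" in
            *:*)   echo "# skipped IPv6 resolver $_addr (needs ip6tables)"
                   continue ;;
            127.*) echo "# skipped loopback stub $_addr: allow loopback UDP and its upstream resolvers"
                   continue ;;
            ""|*[!0-9.]*) continue ;;            # not an IPv4 address
        esac
        echo "iptables -A OUTPUT -p udp -d $_addr --dport 53 -j ACCEPT"
        _count=$((_count + 1))
    done < "$_conf"

    # Never emit the DROP without a DNS exception: name resolution would break.
    if [ "$_count" -eq 0 ]; then
        echo "no usable IPv4 nameserver in $_conf" >&2
        return 1
    fi
    # Log a rate-limited sample of what is about to be dropped, so a PHP
    # script that starts flooding shows up in the kernel log.
    echo "iptables -A OUTPUT -p udp -m limit --limit 5/min -j LOG --log-prefix 'udp-out-drop: '"
    echo "iptables -A OUTPUT -p udp -j DROP"
}

# Constructed sample resolv.conf, used only for the demonstration run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
search example.internal
nameserver 127.0.0.53
nameserver 8.8.8.8
nameserver 2001:4860:4860::8888
nameserver 8.8.4.4
EOF
gen_udp_egress_rules "$sample"
rm -f "$sample"
```

Review the printed rules before piping them to a root shell; called without an argument, the function reads /etc/resolv.conf.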
Complete iptables rules
Open DNS port 53, external and internal:
iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 -d 8.8.4.4 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1024:65535 -d 8.8.8.8 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
Disable all other outbound UDP traffic:
iptables -A OUTPUT -p udp -j REJECT
Save the rules and start iptables:
/etc/rc.d/init.d/iptables save
service iptables restart
chkconfig iptables on
In addition, the rules above allow Google DNS resolution on my server, because my server needs external access (the server has to reach the Internet; if yours is a simple server and you do not need to install packages with yum, you do not need this). Therefore, I open access to 8.8.4.4 and 8.8.8.8. If you are not using Google DNS, you need to change these addresses to your own DNS servers. Which DNS servers are in use? You can use the following method to query