Using the Linux firewall (iptables) to mitigate SYN-flood DDoS and CC attacks (1/2)

Source: Internet
Author: User
Tags: iptables
The code is as follows:

# Prevent SYN attacks (lightweight prevention): send every new SYN through a
# custom chain that lets 3 SYNs per second through (burst of 6) and rejects the rest.
iptables -N syn-flood
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN
iptables -A syn-flood -j REJECT

# Prevent too many DoS connections from coming in: on the external interface (eth0)
# allow each source IP at most 15 concurrent connections; further SYNs from it are dropped.
iptables -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

# Use iptables to resist DDoS (same idea as above, as a global cap on new SYNs)
iptables -A INPUT -p tcp --syn -m limit --limit 12/s --limit-burst 24 -j ACCEPT
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

Two caveats the original leaves out. The limit match is one global counter, not a per-source one, so under a real flood legitimate SYNs are rejected together with the attacker's (connlimit, or hashlimit with --hashlimit-mode srcip, counts per source). And the last two ACCEPT rules only limit anything if a later rule or the chain policy drops the SYNs that exceed the rate; otherwise the excess simply falls through. Prefer DROP to REJECT in the syn-flood chain: REJECT answers every excess SYN and adds outbound traffic during a flood.

##########################################################

Slowing down CC attacks on Linux

A CC (Challenge Collapsar, i.e. HTTP flood) attack is one of the most frustrating to deal with: it is hard to block at the network level and application-layer defences rarely keep up. iptables on Linux can at least slow it down by capping the number of connections each source IP may hold.

First install iptables (Debian/Ubuntu; on most other distributions it is already installed):

apt-get install iptables

Then set the rule:

iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP

Here 10 means a single source IP may hold at most 10 concurrent connections to port 80; any further connection attempt from that IP is dropped.

If the flood is heavier, lower it to 5 or even 3.

Too small a value affects legitimate users, in particular many clients behind one NAT gateway (an office or campus), who all share a single source IP.

After that, save the rules:

iptables-save > /etc/noddos

and restore them at boot by adding this line to /etc/rc.local (before its final exit 0; the file must be executable):

iptables-restore < /etc/noddos
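The rules above are given as one-off commands, which fail on a second run ("Chain already exists") and stack duplicate rules. The following script is an added example, not code from the original article: it installs the SYN-flood chain and the per-IP connection cap idempotently and performs the save step for /etc/rc.local. It assumes an iptables with the -C (check) option and the limit, connlimit and state matches; IPT and IPT_SAVE are assumed override hooks so the functions can be exercised against a stand-in binary.

```shell
#!/bin/sh
# Added example (not from the original article): idempotent installer for the
# syn-flood chain, the per-IP connection cap and rule persistence.
# IPT / IPT_SAVE are assumed hooks to substitute the binaries (e.g. for testing).

ipt()      { "${IPT:-iptables}" "$@"; }
ipt_save() { "${IPT_SAVE:-iptables-save}" "$@"; }

# Append a rule only if an identical one is not already in place (-C checks).
add_once() {
    ipt -C "$@" 2>/dev/null || ipt -A "$@"
}

# Create a user chain if it is missing, otherwise flush it: re-running must not
# fail with "Chain already exists" and must not stack rules.
fresh_chain() {
    if ipt -L "$1" -n >/dev/null 2>&1; then
        ipt -F "$1"
    else
        ipt -N "$1"
    fi
}

# syn-flood chain: pass RATE new SYNs per second (burst BURST), drop the rest.
# DROP rather than REJECT: a REJECT answers every excess SYN and only adds
# outbound traffic during a flood.
install_syn_flood() {
    rate="${1:-3/s}"; burst="${2:-6}"
    fresh_chain syn-flood
    ipt -A syn-flood -p tcp --syn -m limit --limit "$rate" --limit-burst "$burst" -j RETURN
    ipt -A syn-flood -p tcp --syn -j DROP
    add_once INPUT -p tcp --syn -j syn-flood     # hook from INPUT exactly once
}

# The CC rule: a source IP holding more than MAX connections to PORT gets no new ones.
limit_per_ip() {
    port="$1"; max="${2:-10}"
    add_once INPUT -p tcp --dport "$port" --syn -m connlimit --connlimit-above "$max" -j DROP
}

# Accept packets belonging to connections that were already allowed through.
allow_established() {
    add_once INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Save the running rules to FILE and print the line to put in /etc/rc.local.
persist_rules() {
    file="${1:-/etc/noddos}"
    ipt_save > "$file" && printf 'iptables-restore < %s\n' "$file"
}

# Run as root with "apply" to install the article's defaults on a live host.
case "${1:-}" in
    apply) install_syn_flood 3/s 6; limit_per_ip 80 10; allow_established; persist_rules /etc/noddos ;;
esac
```

Run it as `sh syn-flood.sh apply` on the host; running it twice leaves exactly one copy of every rule, which is the property the one-off commands in the article lack.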

Supplementary material

Anti-DDoS rule script

The code is as follows:
# Prevent SYN attacks (lightweight prevention)
# If your saved firewall file already declares the chain with ":syn-flood - [0:0]",
# skip the next line: creating a chain that already exists fails as a duplicate.
iptables -N syn-flood
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN
iptables -A syn-flood -j REJECT
# Prevent too many DoS connections from coming in: on the external interface (eth0)
# allow each source IP at most 15 concurrent connections; further SYNs from it are dropped.
iptables -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

# Use iptables to resist DDoS (same idea as above)
iptables -A INPUT -p tcp --syn -m limit --limit 12/s --limit-burst 24 -j ACCEPT
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
##########################################################
Or add the lines directly to the firewall rules file (the iptables-save format that iptables-restore reads, for example /etc/sysconfig/iptables on RHEL/CentOS). Lines starting with # are comments; keep the existing *filter header, the built-in chain lines and COMMIT that the saved file already has:

*filter
# If ":syn-flood - [0:0]" is already declared in this file, do not add -N syn-flood a second time (duplicate chain).
-N syn-flood
-A INPUT -p tcp --syn -j syn-flood
-I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN
-A syn-flood -j REJECT
# DDoS: cap the connections from one IP
-A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --syn -m limit --limit 12/s --limit-burst 24 -j ACCEPT
-A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
COMMIT


Whitelist settings:
The automatically generated whitelist (/usr/local/ddos/ignore.ip.list, the ignore list used by DDoS-Deflate) sometimes contains errors. To avoid that, set the whitelisted IPs by hand and then make the file immutable so nothing can modify it.

The code is as follows:
vi /usr/local/ddos/ignore.ip.list

Edit the whitelist by hand, one IP per line.

chattr +i /usr/local/ddos/ignore.ip.list

Set the immutable flag: the file cannot be modified or deleted, not even by root, until the flag is removed.

chattr -i /usr/local/ddos/ignore.ip.list

Remove the immutable flag when you need to edit the file again.


Manually blocking IPs with iptables:

The command for a single IP is
iptables -I INPUT -s 124.115.0.199 -j DROP

To unblock that IP again, delete the identical rule:
iptables -D INPUT -s 124.115.0.199 -j DROP

The commands for individual /24 segments (256 addresses each) are
iptables -I INPUT -s 124.115.0.0/24 -j DROP
iptables -I INPUT -s 124.115.3.0/24 -j DROP
iptables -I INPUT -s 124.115.4.0/24 -j DROP

Mind the prefix length: 124.115.3.0/16 is the same network as 124.115.0.0/16 (iptables normalises it), so three /16 rules written that way would all block the same range.

The command for the whole /16 (124.115.0.0 to 124.115.255.255) is
iptables -I INPUT -s 124.115.0.0/16 -j DROP

The command for the whole /8 (124.0.0.0 to 124.255.255.255, over 16 million addresses, so a last resort) is
iptables -I INPUT -s 124.0.0.0/8 -j DROP

The commands for blocking a few adjacent segments are
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP
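Deciding which IPs to block by hand means counting connections per source, skipping the whitelist, and emitting the DROP commands above. The following script is an added example, not part of the original article (it is the counting step that a tool like DDoS-Deflate automates). It reads `ss -Htn` output (State Recv-Q Send-Q Local:Port Peer:Port); the sample lines and the whitelist below are constructed, and the whitelist format (one IP per line, # comments) is an assumption matching how ignore.ip.list is used.

```shell
#!/bin/sh
# Added example (not from the original article): list source IPs holding more
# than THRESHOLD connections, skip whitelisted ones, and print the iptables
# commands that would block them. Input is "ss -Htn" output.

# Constructed sample of ss -Htn output (not captured from a real host).
SAMPLE_SS='ESTAB 0 0 10.0.0.5:80 203.0.113.7:51234
ESTAB 0 0 10.0.0.5:80 203.0.113.7:51235
ESTAB 0 0 10.0.0.5:80 203.0.113.7:51236
SYN-RECV 0 0 10.0.0.5:80 203.0.113.7:51237
ESTAB 0 0 10.0.0.5:80 198.51.100.9:40001
ESTAB 0 0 10.0.0.5:80 198.51.100.9:40002
ESTAB 0 0 10.0.0.5:80 198.51.100.9:40003
ESTAB 0 0 10.0.0.5:22 192.0.2.44:3300
ESTAB 0 0 [2001:db8:1::5]:80 [2001:db8::1]:5000
ESTAB 0 0 [2001:db8:1::5]:80 [2001:db8::1]:5001'

# Constructed whitelist in the assumed ignore.ip.list format: one IP per line, # comments.
SAMPLE_IGNORE='# never block the monitoring host
198.51.100.9
127.0.0.1'

# offenders THRESHOLD IGNORE_FILE < ss_output
# Prints "count ip" for every peer with more than THRESHOLD connections that is
# not listed in IGNORE_FILE, highest count first.
offenders() {
    awk -v thr="$1" -v ign="$2" '
        BEGIN {
            while ((getline l < ign) > 0) {          # load the whitelist
                sub(/#.*/, "", l); gsub(/[ \t]/, "", l)
                if (l != "") skip[l] = 1
            }
        }
        NF >= 5 && $1 != "State" {
            peer = $5
            if (peer ~ /^\[/) { sub(/^\[/, "", peer); sub(/\]:[0-9]+$/, "", peer) }  # IPv6 [addr]:port
            else sub(/:[0-9]+$/, "", peer)                                         # IPv4 addr:port
            n[peer]++
        }
        END { for (ip in n) if (n[ip] > thr && !(ip in skip)) print n[ip], ip }
    ' | sort -rn
}

# block_cmds THRESHOLD IGNORE_FILE < ss_output
# One DROP command per offender; IPv6 sources need ip6tables, not iptables.
block_cmds() {
    offenders "$1" "$2" | while read -r count ip; do
        case "$ip" in
            *:*) printf 'ip6tables -I INPUT -s %s -j DROP   # %s connections\n' "$ip" "$count" ;;
            *)   printf 'iptables -I INPUT -s %s -j DROP   # %s connections\n' "$ip" "$count" ;;
        esac
    done
}

# Demo on the constructed sample. On a live host:
#   ss -Htn | block_cmds 10 /usr/local/ddos/ignore.ip.list
demo() {
    ign=$(mktemp)
    printf '%s\n' "$SAMPLE_IGNORE" > "$ign"
    printf '%s\n' "$SAMPLE_SS" | block_cmds 2 "$ign"
    rm -f "$ign"
}
demo
```

With the sample and a threshold of 2, only 203.0.113.7 (four connections, one of them still in SYN-RECV) is reported: 198.51.100.9 also exceeds the threshold but is whitelisted, and the IPv6 peer sits exactly at the threshold. Review the printed commands before piping them into a shell; blocking a NAT gateway this way cuts off everyone behind it.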


The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.
