The code is as follows:

# Lightweight SYN-flood prevention: send every new SYN through its own chain,
# let a small rate through (RETURN) and reject the rest
iptables -N syn-flood
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN
iptables -A syn-flood -j REJECT
# Prevent DoS by too many incoming connections: allow each source IP at most
# 15 initial (SYN) connections on the external network card and drop the rest
iptables -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
# Resist DDoS with iptables (same arguments as above)
iptables -A INPUT -p tcp --syn -m limit --limit 12/s --limit-burst 24 -j ACCEPT
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
##########################################################
Linux: slowing down CC attacks
CC attacks are probably the most frustrating kind: hard to block at the network layer and not solved by software alone. But iptables on Linux can at least slow a CC attack down.
First install iptables:
apt-get install iptables
Then set the rule:
iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP
Here 10 means one source IP may hold at most 10 concurrent connections to port 80; further packets from it are dropped.
If the DDoS volume is larger, lower it to 5 or 3, but too small a value also slows down legitimate visitors.
Afterwards save the rules with iptables-save > /etc/noddos
and add iptables-restore /etc/noddos to /etc/rc.local so they are reloaded at boot.
Here is a supplement.
Script to protect against DDoS attacks
The code is as follows:

# Lightweight SYN-flood prevention
# If your firewall config already declares ":syn-flood - [0:0]" by default, the
# next line is not needed: creating the chain a second time fails as a duplicate
iptables -N syn-flood
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN
iptables -A syn-flood -j REJECT
# Prevent DoS by too many incoming connections: allow each source IP at most
# 15 initial (SYN) connections on the external network card and drop the rest
iptables -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
# Resist DDoS with iptables (same arguments as above)
iptables -A INPUT -p tcp --syn -m limit --limit 12/s --limit-burst 24 -j ACCEPT
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
##########################################################
Or add the following lines directly to the firewall's iptables file (lines starting with # are comments; in this file format a comment must be on its own line):

# Not needed if the file already declares ":syn-flood - [0:0]" (duplicate chain)
-N syn-flood
-A INPUT -p tcp --syn -j syn-flood
-I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN
-A syn-flood -j REJECT
# DDoS: limit the number of links from one IP
-A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --syn -m limit --limit 12/s --limit-burst 24 -j ACCEPT
-A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
Whitelist settings:
The default whitelist is sometimes wrong. To avoid that, set the whitelisted IPs by hand and then lock the file so it cannot be modified.
The code is as follows:

# Set the whitelist IPs manually (one per line)
vi /usr/local/ddos/ignore.ip.list
# Set the immutable flag so the file cannot be modified (even by root, until the flag is cleared)
chattr +i /usr/local/ddos/ignore.ip.list
# Clear the immutable flag to allow modification again
chattr -i /usr/local/ddos/ignore.ip.list
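The following is an added example (not code from the original post): it turns the SYN-flood and connection-limit rules from the script above and the whitelist file from this section into one iptables-restore file, so the set can be loaded atomically and saved the way the /etc/noddos step describes. It assumes the external interface name, the whitelist path (one IP or CIDR per line, DDoS-Deflate style) and the limits are passed in as parameters; nothing in it invokes iptables itself.

```shell
#!/bin/sh
# Added example, not part of the original post: emit the SYN-flood and
# connection-limit rules as one iptables-restore file, with whitelisted
# sources accepted before any limit applies. Nothing here calls iptables;
# loading the file is left to the caller.

# gen_rules EXT_IF SYN_RATE SYN_BURST CONNLIMIT WHITELIST_FILE
gen_rules() {
    ext_if=$1; rate=$2; burst=$3; climit=$4; wl=$5
    echo '*filter'
    # Declaring the chain here replaces "iptables -N syn-flood", so the file
    # can be reloaded any number of times without a "chain exists" error.
    echo ':syn-flood - [0:0]'
    # Whitelisted sources bypass every check below; malformed lines are skipped.
    if [ -f "$wl" ]; then
        grep -E '^[0-9]+(\.[0-9]+){3}(/[0-9]+)?$' "$wl" | while read -r ip; do
            echo "-A INPUT -s $ip -j ACCEPT"
        done
    fi
    echo '-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Per-source cap on new connections arriving on the external interface.
    echo "-A INPUT -i $ext_if -p tcp --syn -m connlimit --connlimit-above $climit -j DROP"
    # Every remaining SYN goes through the token bucket: RETURN while tokens
    # are left (burst first, then rate per second), REJECT once exhausted.
    echo '-A INPUT -p tcp --syn -j syn-flood'
    echo "-A syn-flood -p tcp -m limit --limit ${rate}/s --limit-burst $burst -j RETURN"
    echo '-A syn-flood -j REJECT'
    echo 'COMMIT'
}

# count_rules FILE: number of -A rule lines, a quick sanity check before loading.
count_rules() {
    grep -c '^-A ' "$1"
}
```

Load the result with iptables-restore < FILE and keep the same file as /etc/noddos for the rc.local step; note that without --noflush iptables-restore replaces the whole filter table, so any other INPUT rules must be in the same file.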
Manually blocking IPs with iptables:
The command for a single IP is:
iptables -I INPUT -s 124.115.0.199 -j DROP
To unblock a single IP (delete the rule):
iptables -D INPUT -s 124.115.0.199 -j DROP
The commands for an IP segment are:
iptables -I INPUT -s 124.115.0.0/16 -j DROP
iptables -I INPUT -s 124.115.3.0/16 -j DROP
iptables -I INPUT -s 124.115.4.0/16 -j DROP
# Note: a /16 mask ignores the last two octets, so all three rules above match the same range 124.115.0.0 to 124.115.255.255; to block individual class C segments use /24 instead.
The command for the whole range is:
iptables -I INPUT -s 124.115.0.0/8 -j DROP
# Note: /8 keeps only the first octet, so this blocks all of 124.0.0.0 to 124.255.255.255.
The commands to block several segments are:
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP