On Mon, Jul 19, 2010 at 1:07 PM, Nilesh Govindarajan <lists@xxxxxxxxxx> wrote:
> On Mon, Jul 19, 2010 at 11:14 PM, Heiko Baums <lists@xxxxxxxxxxxxxxx> wrote:
>> On Mon, 19 Jul 2010 22:43:45 +0530,
>> Nilesh Govindarajan <lists@xxxxxxxxxx> wrote:
>>
>>> Hi,
>>> Can someone tell me how to use IPTables to prevent DDoS attacks?
>>> I'm sure IPTables has the relevant modules (limit, recent I think)
>>> after reading some docs, but still in doubt about its implementation.
>>
>> There's the --limit option against DoS attacks.
>>
>> A good iptables tutorial with some example scripts is here:
>> http://www.frozentux.net/documents/iptables-tutorial/
>>
>> Read at least the chapter "Limit match".
>>
>> Heiko
>>
>
>
> Thanks a lot man. But I have a doubt (may sound quite weird, but I
> really don't know about it).
> Suppose I set this-
> iptables -I INPUT -m limit --limit 1/min --limit-burst 5 -j ACCEPT
> will this affect HTTP connections?
> Basically, how many packets is probably going to constitute one connection?
> What is the recommended setting for the same to prevent DoS?

I don't know a lot about DoS or proper settings, but the connection
doesn't really depend on "packet count" or anything like that. [IIRC] a
connection is established at the TCP level, and is kept alive at that
level. HTTP 1.1 layer 7 "keep-alives" just keep the layer 4/5 TCP
connection open. HTTP 1.0 clients may have trouble with connection
limits if you have high request rates, as they must establish a new
connection on each request (again IIRC, could be flawed).

C Anthony
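To make the question in the thread concrete, here is an added simulation (not code from the list or from iptables) of the `limit` match as the token bucket it implements: the bucket starts with `--limit-burst` tokens, refills at the `--limit` rate, and a packet matches only while a token is available. The packet timelines are constructed for illustration; they show why the quoted rule, applied to every INPUT packet, cuts off an ordinary keep-alive HTTP connection after five packets, while the same limit applied only to NEW connections leaves it intact.

```python
from dataclasses import dataclass, field

@dataclass
class LimitMatch:
    """Token-bucket model of `-m limit --limit <rate> --limit-burst <burst>`."""
    rate_per_sec: float          # e.g. 1/min -> 1/60
    burst: int                   # bucket size and initial token count
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self):
        self.tokens = float(self.burst)

    def matches(self, now: float) -> bool:
        # Refill proportionally to elapsed time, capped at the burst size.
        self.tokens = min(float(self.burst),
                          self.tokens + (now - self.last) * self.rate_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

# Constructed timelines: (seconds since start, is this the SYN of a new connection?).
# One HTTP/1.1 keep-alive connection: handshake, request, response, ACKs -> 12 packets.
HTTP_SESSION = [(0.00, True)] + [(0.05 * i, False) for i in range(1, 12)]
# One host opening 20 connections in two seconds (every packet is a SYN).
SYN_BURST = [(0.1 * i, True) for i in range(20)]

def accepted_by_packet_limit(packets, rate_per_sec=1 / 60, burst=5):
    """The rule from the thread: `-I INPUT -m limit --limit 1/min --limit-burst 5 -j ACCEPT`
    on every packet. Returns how many packets the rule accepts; the rest fall through."""
    lm = LimitMatch(rate_per_sec, burst)
    return sum(1 for t, _ in packets if lm.matches(t))

def accepted_by_connection_limit(packets, rate_per_sec=1 / 60, burst=5):
    """Limit only new connections, assuming a rule set like:
         -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
         -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW \
            -m limit --limit 1/min --limit-burst 5 -j ACCEPT
    Established packets pass unconditionally; only SYNs consume tokens."""
    lm = LimitMatch(rate_per_sec, burst)
    return sum(1 for t, is_new in packets if not is_new or lm.matches(t))

if __name__ == "__main__":
    print("per-packet limit, HTTP session:", accepted_by_packet_limit(HTTP_SESSION))
    print("per-connection limit, HTTP session:", accepted_by_connection_limit(HTTP_SESSION))
    print("per-connection limit, SYN burst:", accepted_by_connection_limit(SYN_BURST))
```

Note that `limit` keeps one global bucket, so a single busy client exhausts it for everyone; the thread does not discuss per-source alternatives, so the simulation stays with the global behaviour.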