Re: anti-dos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 2004-01-28 at 09:18, Fritz Mesedilla wrote:
> in preparation to sco's feb 1. dos attack, is there any special iptables rules that i can use to avoid dos attacks?
> all i have right now is i blocked all ports then opened the mail and internet.
> 
> what else can i do for rules?
> 
You can use the limit support to limit packet rates:

### syn-flood chain
$IPTABLES -N syn-flood
$IPTABLES -A syn-flood -i $IFACE_INET -m limit --limit 75/s
--limit-burst 100 -j RETURN
$IPTABLES -A syn-flood -i $IFACE_DMZ -m limit --limit 75/s --limit-burst
100 -j RETURN
$IPTABLES -A syn-flood -i $IFACE_INT -j RETURN
$IPTABLES -A syn-flood -j LOG --log-prefix "SYN-FLOOD: "
$IPTABLES -A syn-flood -j DROP

$IPTABLES -A INPUT -i $IFACE_INT -p tcp --syn -j syn-flood
$IPTABLES -A INPUT -i $IFACE_DMZ -p tcp --syn -j syn-flood
$IPTABLES -A INPUT -i $IFACE_INET -p tcp --syn -j syn-flood


> thanks.
> 
> 
> Cheers,
> 
> fritz <www.mesedilla.com>
> ---
> + Basta Ikaw Lord
> 
> 
> 
> 
> ----------------------------------------------------------------------
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender immediately by e-mail and delete this e-mail from your
> system. Please note that any views or opinions presented in this
> email are solely those of the author and do not necessarily represent
> those of the company. Finally, the recipient should check this email
> and any attachments for the presence of viruses. The company accepts
> no liability for any damage caused by any virus transmitted by this
> email. 
> 
> Overture Media, Inc.
> Direct Line: (632) 635-4785
> Trunkline:   (632) 631-8971 Local 146
> Fax: (632) 637-2206
> Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave., Quezon City 1100
-- 
--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

Attachment: signature.asc
Description: This is a digitally signed message part

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux